Re: ASP.NET 2.0 Authentication pattern

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 06/09/05 

Date: Wed, 08 Jun 2005 23:05:56 -0700

Hello Brock,

hey, brock is back, and he is absolutely right :)

it is comparable to IIdentity and IPrincipal - one for authentication and
one for authorization.

So i guess the final question is - where is the proposed place to store additional
user info in asp2??

I guess that's profile - but at least it is not Role or Membership.

Decide yourself if you want to use the profile feature for that - or if you
handroll that.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

>> Usually my authentication pattern in 1.x was:
>> ...
>> - create custom IIdentity for additional user information
> This is where the thinking is different in ASP.NET 2.0 (at least by
> default). You need to think about authentication as a seperate "silo"
> of functionality than profile data for your users. The provider
> architecture handles these discrete areas and makes explicit
> boundaries for the functionality. Membership Providers are for
> managing authentication information which is different than the
> Profile Provider which is geared for user data which is different than
> the Role Provider which manages role mappings. Also, for each of these
> they may actually store their respective data in entirely different
> data stores (SqlServer, vs. AD, vs. an XML document vs. whatever).
> What they all have in common is User.Identity.Name.
>
> So where you used to think about all of these various bits of data
> jammed into one big table, now the model leans toward seperating each
> one of these areas out into its own provider and backing data store.
> This, while different and possibly a hassle, provides the most
> flexibility. Flexibility comes at a cost.
>
> -Brock
> DevelopMentor
> http://staff.develop.com/ballen

Relevant Pages

  • Re: MAPI property value
    ... (global profile section or my Address Book ... Provider's private profile section?) ... // Custom properties used by this service provider. ... The call in IABProvider::Logon opens first the some x section, ...
    (microsoft.public.win32.programmer.messaging)
  • Re: Web Site Configuration for remote users
    ... My site uses Accounts, Roles etc and I'd like to rip out my custom ... A proper method to distribute this to my provider (a .net hosting ... Authentication ... Also, on a brand new WS2003 machine, the Config site is there, but ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Defining Groups with AD users
    ... For ASP.NET authentication and role based authorization, ... you can configure the membership to use AD ... membership provider and Rolemanager to use SQL server provider. ... Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Architecture: Custom Profile Provider with Active Directory Membership
    ... While you can perform insert/update/delete operations on users, the one thing that you can't change is the username. ... So, it stands to reason that if you perform a rename in AD, you are doing it outside of the context of the MembershipProvider, and unfortunately, it would be up to you to relocate profile information for any accounts that you changed the name of. ...
    (microsoft.public.dotnet.languages.csharp)
  • re: Location of the profile.msh for custom provider
    ... In your installation notes, you would want to make it clear that adding your formatting file to the profile is another step in the installation. ... Location of the profile.msh for custom provider ...
    (microsoft.public.windows.server.scripting)