Re: Best Authentication Provider
From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 07/20/05
- Next message: Dominick Baier [DevelopMentor]: "Re: asp.net login contol using url redirect"
- Previous message: David Lozzi: "Best Authentication Provider"
- In reply to: David Lozzi: "Best Authentication Provider"
- Next in thread: David Lozzi: "Re: Best Authentication Provider"
- Reply: David Lozzi: "Re: Best Authentication Provider"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 20 Jul 2005 05:04:58 -0700
Hello David,
inline
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
> Howdy,
>
> I've written a few apps already and I have done custom authentication
> like so: prompt for user name and password, verify information against
> SQL table, then load returned username, ID, security, etc. into
> session state. This works and frankly I'm not sure why i'm posting
> this except for that I want to be 'correct' in my apps.
>
> I notice .Net supports Authentication Modes. Which is the better one
> to use? I have a basic understanding of each provider and it appears
> that the Forms Authentication Provider is the preferred method? Using
> Forms, how do I specify the database table in SQL to use? Also, once
> validated, it loads the user information into a cookie for later
> retrieval. Can I load more information into this cookie, like custom
> security levels, etc. Currently, I basically have a range from 1
> through 10 specifying security levels, will this still work or does
> Forms process security itself?
You do that manually - you have to provide a login page - and handle the
login button click event - then you go to a datastore and validate credentials.
The authentication cookie contains a 'UserData' field where you can store
arbitrary additional information, e.g. Roles or what you call Security Levels.
Upon each request then you create a IPrincipial implementation and attach
it to the current thread.
>
> Same questions with Windows Auth. I've used Windows Auth in some
> legacy ASP apps and was able to determin security levels by a users
> membership to domain groups. Does this provider work the same? How do
> I read the security information?
Regardless of what AuthType you use - the IPrincipal which is accessible
through Page.User or Context.User contains a IsInRole("") method to query
role membership
i have a full working example of FormsAuth on my blog - this should get you
started..feel free to ask more questions after you looked at the code.
http://www.leastprivilege.com/PermaLink.aspx?guid=b0e51388-71d1-4a6f-98d0-bc8cfbec4c3a
>
> Eh, PassPort is cool but I not necessary for me so I don't care enough
> to ask.
>
> I've been reading through MSDN articles pertaining to these but my
> questions can't seem to get answered with MS Docs. Any help and
> clarity is greatly appreciated!
>
> Thanks!
>
> David Lozzi
>
- Next message: Dominick Baier [DevelopMentor]: "Re: asp.net login contol using url redirect"
- Previous message: David Lozzi: "Best Authentication Provider"
- In reply to: David Lozzi: "Best Authentication Provider"
- Next in thread: David Lozzi: "Re: Best Authentication Provider"
- Reply: David Lozzi: "Re: Best Authentication Provider"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
