Re: Best Authentication Provider

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 07/21/05


Date: Wed, 20 Jul 2005 15:08:02 -0700

Hello David,

You could stuff them in the cookie (see my SetAuthCookie method) - but keep
in mind that a cookie is limited to 4KB.

System.Web.Cache would be another option...

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> I said I can't seem to pull the other data, that is because I can't
> seem to add it.
>
> "David Lozzi" <dlozzi@(removethis)delphi-ts.com> wrote in message
> news:%23P5nSXVjFHA.3544@TK2MSFTNGP15.phx.gbl...
>
>> Thank you for your help! It helped a lot. I got my sample app here:
>>
>> users are redirected to login.aspx. After entering username and
>> password, formsauthentication is taken care of and cookies and all
>> that stuff. After this is happy, it then redirects the user to
>> default.aspx, at which point I can pull the user's username
>> (context.user.identity.name).
>>
>> I can't seem to figure out how to pull the remaining information
>> about the user, security level, full name, email addy, etc. This is
>> usually stored in a session state but I see no session info in this.
>> I can think of one possible solution, and that would be to query the
>> database every time I needed this information. Is this a good idea? Is
>> this better than a session state?
>>
>> Thanks!
>>
>> David Lozzi
>>
>> "Dominick Baier [DevelopMentor]"
>> <dbaier@pleasepleasenospamdevelop.com> wrote in message
>> news:621141632574614842703824@news.microsoft.com...
>>
>>> Hello David,
>>>
>>> inline
>>>
>>> ---------------------------------------
>>> Dominick Baier - DevelopMentor
>>> http://www.leastprivilege.com
>>>> Howdy,
>>>>
>>>> I've written a few apps already and I have done custom
>>>> authentication like so: prompt for user name and password, verify
>>>> information against SQL table, then load returned username, ID,
>>>> security, etc. into session state. This works and frankly I'm not
>>>> sure why I'm posting this except for that I want to be 'correct' in
>>>> my apps.
>>>>
>>>> I notice .Net supports Authentication Modes. Which is the better
>>>> one to use? I have a basic understanding of each provider and it
>>>> appears that the Forms Authentication Provider is the preferred
>>>> method? Using Forms, how do I specify the database table in SQL to
>>>> use? Also, once validated, it loads the user information into a
>>>> cookie for later retrieval. Can I load more information into this
>>>> cookie, like custom security levels, etc. Currently, I basically
>>>> have a range from 1 through 10 specifying security levels, will
>>>> this still work or does Forms process security itself?
>>>>
>>> You do that manually - you have to provide a login page - and handle
>>> the login button click event - then you go to a datastore and
>>> validate credentials. The authentication cookie contains a
>>> 'UserData' field where you can store arbitrary additional
>>> information, e.g. Roles or what you call Security Levels. Upon each
>>> request then you create an IPrincipal implementation and attach it
>>> to the current thread.
>>>
>>>> Same questions with Windows Auth. I've used Windows Auth in some
>>>> legacy ASP apps and was able to determine security levels by a user's
>>>> membership to domain groups. Does this provider work the same? How
>>>> do I read the security information?
>>>>
>>> Regardless of what AuthType you use - the IPrincipal which is
>>> accessible through Page.User or Context.User contains an IsInRole("")
>>> method to query role membership.
>>>
>>> I have a full working example of FormsAuth on my blog - this should
>>> get you started... feel free to ask more questions after you looked at
>>> the code.
>>> http://www.leastprivilege.com/PermaLink.aspx?guid=b0e51388-71d1-4a6f-98d0-bc8cfbec4c3a
>>>
>>>> Eh, PassPort is cool but not necessary for me so I don't care
>>>> enough to ask.
>>>>
>>>> I've been reading through MSDN articles pertaining to these but my
>>>> questions can't seem to get answered with MS Docs. Any help and
>>>> clarity is greatly appreciated!
>>>>
>>>> Thanks!
>>>>
>>>> David Lozzi
>>>>
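
The approach described in this thread (extra data such as roles stored in the forms ticket's UserData field at login, then an IPrincipal rebuilt on each request), as an added example that is not code from the original posts or from the linked blog. The class and method names, the "|" separator and the 30-minute lifetime are assumptions.

```csharp
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Security;

// Hypothetical helper; names are illustrative only.
public static class TicketHelper
{
    // Call from the login page after the credentials were validated
    // against the data store. 'roles' is what the application loaded
    // for the user, e.g. a security level such as "Level7".
    public static void IssueTicket(HttpResponse response, string userName, string[] roles)
    {
        // Keep UserData small: the whole cookie is limited to 4KB.
        string userData = string.Join("|", roles);
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30),
            false, userData, FormsAuthentication.FormsCookiePath);

        // Encrypt() follows the <forms protection="..."> setting. With the
        // default "All" the ticket is encrypted and integrity-protected,
        // so the client cannot read or edit the roles it carries.
        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.HttpOnly = true;                          // not readable from script
        cookie.Secure = FormsAuthentication.RequireSSL;  // follows <forms requireSSL>
        response.Cookies.Add(cookie);
    }

    // Call from Application_AuthenticateRequest in Global.asax. By then the
    // forms authentication module has validated the cookie and set
    // Context.User to a principal that carries a FormsIdentity but no roles.
    public static void AttachPrincipal(HttpContext context)
    {
        if (context.User == null) return;
        FormsIdentity identity = context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return;

        string[] roles = identity.Ticket.UserData.Split(
            new char[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
        context.User = new GenericPrincipal(identity, roles);
        Thread.CurrentPrincipal = context.User;  // IsInRole() now sees the roles
    }
}
```

Roles carried in the ticket are a snapshot taken at login: a change or revocation in the database takes effect only when a new ticket is issued, so a short ticket lifetime bounds how long stale roles stay valid.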