RE: Forms Authentication Using SQL Server 2000 Database

---

• From: WhiskeyRomeo <WhiskeyRomeo@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Tue, 11 Sep 2007 09:10:06 -0700

---

"WhiskeyRomeo" wrote:

I have looked at this example and it uses the webconfig file as the external
datasource. So that was totally unhelpful.

http://www.aspnettutorials.com/tutorials/validation/authentication-aspnet2-vb.aspx

I have a 1.1 Login form that implements forms authentication that obviously
will not convert to VS 2005. It uses a sqlcommand to verify the username and
password and if validated retrieves certain information about the user via a
datareader.

Does anyone have a real world example using SQLServer 2000 or 2005?

WR

I wanted to add I uses roles and here is my webconfig file settings for the
1.1 application:

<authentication mode="Forms">
<!-- old setting was Windows -->
<forms name="UPAuth" loginUrl="login.aspx" slidingExpiration="true"
protection="All" timeout="20" path="/">
<credentials passwordFormat="Clear">
</credentials>
</forms>
</authentication>
<location path="Admin">
<system.web>
<authorization>
<!-- Order and case are important below -->
<allow roles="Admin" />
<deny roles="Photog,Super,Public" />
<deny users="?" />
</authorization>
</system.web>
</location>
<location path="Super">
<system.web>
<authorization>
<!-- Order and case are important below -->
<allow roles="Super,Admin" />
<deny roles="Photog,Public" />
<deny users="?" />
</authorization>
</system.web>
</location>
<location path="Reports">
<system.web>
<authorization>
<!-- Order and case are important below -->
<allow roles="Super,Admin,Photog" />
<deny roles="Public" />
<deny users="?" />
</authorization>
</system.web>
</location>
<location path="Public">
<system.web>
<authorization>
<!-- Order and case are important below -->
<allow roles="Super,Admin,Public" />
<deny roles="Photog" />
<deny users="?" />
</authorization>
</system.web>
</location>



.

---

• Follow-Ups:
  • RE: Forms Authentication Using SQL Server 2000 Database
    • From: WhiskeyRomeo

• Prev by Date: Re: Session data loss during user logged session
• Next by Date: Security provider for Oracle
• Previous by thread: Re: Session data loss during user logged session
• Next by thread: RE: Forms Authentication Using SQL Server 2000 Database
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Stupid Forms Auth Question ... You seem to have forgotten to put in the "authorization" section of the ... > I've built a login form for a very simple website using C#/ASP.NET. ... > And here's the problem - I can bypass the login screen and get to other ... For example, when the credentials are ... (microsoft.public.dotnet.framework.aspnet.security) RE: Forms Authentication Using SQL Server 2000 Database ... datasource. ... So that was totally unhelpful. ... I have a 1.1 Login form that implements forms authentication that obviously ... (microsoft.public.dotnet.framework.aspnet.security) asp.net vulnerability ... From: Windows NTBugtraq Mailing List ... More details on ASP.NET vulnerability ... There has been some confusion with the ASP.NET forms authentication issue ... authorization issue, not an authentication issue. ... (microsoft.public.sharepoint.portalserver) Re: application pool custom identity ... Kerberos becomes a possibility when the web server is in a Domain, ... The problem happens when the browser/server selects Kerberos authentication, ... LocalSystem credentials will work for Kerberos; custom AppPool Identity ... Authorization. ... (microsoft.public.inetserver.iis) Re: Kerberos OpenLDAP Frontend ... Jonathan Javier Cordoba Gonzalez wrote: ... but then you are mixing the authentication with the authorization. ... A KDC with passwords and LDAP ... (comp.protocols.kerberos)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.framework.aspnet.security  > 2007-09