| re: Converting from asp to asp.net / security
Thanks Gregory,
How would that relate to my situation of an existing database of 1000+
users?
The database would need to remain, and the users login.
Im just still not to sure what happens next :-)
Forms authentication in the config file would accomodate this and then
wouldnt require me adding further protection to my converted asp pages?
(other than removing the existing protection :)
"Cowboy (Gregory A. Beamer) - MVP" <NoSpamMgbworld@comcast.netNoSpamM> wrote
in message news:B0AFB781-F9A1-4742-B01E-583E7933195C@microsoft.com...[color=blue]
> With .NET, you can do one of two things:
>
> 1. Set the application up as secure and exclude specific pages from a[/color]
login[color=blue]
> 2. Set the application up as insecure and force the user to log in for
> specific pages
>
> In addition, config files cascade, so you can set up specific locations as
> secure by either creating applications under your main application or[/color]
setting[color=blue]
> up .config files for specific directories.
>
> Bearing this in mind, it is as easy as setting up a authentication method
> and forcing users to authenticate to avoid the session("logged_in") check.[/color]
It[color=blue]
> takes a few seconds in the web.config file to set this up and you gain a
> benefit hard (or perhaps harder) to achieve in ASP: The user can bookmark[/color]
a[color=blue]
> specific page and be thrown to login, then redirected back to the page
> (without any code on your part).
>
> The biggest, largely unspoken, caveat is you should have a page called
> default.aspx in your application for people who bookmark the login page.
> Otherwise, it has nowhere to redirect and goes to a hard-coded[/color]
default.aspx,[color=blue]
> causing an error.
>
> ---
>
> Gregory A. Beamer
> MVP; MCP: +I, SE, SD, DBA
>
> ***************************
> Think Outside the Box!
> ***************************
>
> "Dave" wrote:
>[color=green]
> > Hi, Im considering converting a legacy application from asp to aspx[/color][/color]
(vb) -[color=blue][color=green]
> > just for the purpose of learning (Im new at .net, but experienced at
> > vbscript)
> >
> > What I need to get my head around, is page security.
> > Currently this app has a database login which sets session values for
> > username etc
> >
> > Pages within this web are then protected by the usual "If
> > session("loggedin") = true then..." kind of code.
> >
> > I can continue the same sort of logic with an aspx page, but should I?
> > Is there a better / more efficient way to take the users existing[/color][/color]
database[color=blue][color=green]
> > login and use it for page access? Use the web.config file as well /[/color][/color]
instead[color=blue][color=green]
> > of?
> > What would be the best practice to do that ?
> >
> > Thanks!
> >
> >
> >
> >[/color][/color]
| 
