473,738 Members | 2,009 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Forms Authentication vs MembershipProvi der

Having now created a Custom MembershipProvi der that seems to work correctly
with my Logon and ChangePassword controls, I am, as they say, a happy bunny.

The next stange is to move on to the creation of content which adjusts based
on the user.

I have several pages which require a user to be logged on and several which
do not. Prior to this point in time I have used 2 different master pages.
one with a control which checks a session variable to determine logged on
or not and another which does not.

Each page is pointed at the correct master page and away you go.

I have heard of forms authentication and the little I have read leads me
to believe that I could rearrange my pages in a hierarchy so that pages requiring
authentication were in one folder and pages not requiring authentication
were in another.

Can someone tell me...

1.what is the relationship between Forms Authentication and the Provider
model I am using?
2.Does Membership replace Authentication?
3.Does Roles replace Authorisation?
4.Can I use Authorisation with Membership?
5.Does any of what I'm saying make any sense?

Many thanks in advance.

--
Rory
Jul 16 '08 #1
5 3564
Study the LoginView class

"Rory Becker" <ro********@new sgroup.nospamwr ote in message
news:3a******** *************** ***@news.micros oft.com...
Having now created a Custom MembershipProvi der that seems to work
correctly with my Logon and ChangePassword controls, I am, as they say, a
happy bunny.
The next stange is to move on to the creation of content which adjusts
based on the user.

I have several pages which require a user to be logged on and several
which do not. Prior to this point in time I have used 2 different master
pages. one with a control which checks a session variable to determine
logged on or not and another which does not.

Each page is pointed at the correct master page and away you go.

I have heard of forms authentication and the little I have read leads me
to believe that I could rearrange my pages in a hierarchy so that pages
requiring authentication were in one folder and pages not requiring
authentication were in another.

Can someone tell me...

1.what is the relationship between Forms Authentication and the Provider
model I am using? 2.Does Membership replace Authentication?
3.Does Roles replace Authorisation?
4.Can I use Authorisation with Membership?
5.Does any of what I'm saying make any sense?

Many thanks in advance.

--
Rory

Jul 16 '08 #2
Hi Rory,

First, I'm glad that you've got custom membership provider working, great
progress :)

For the question here, let me confirm my understanding, you have multiple
pages which use membership and authentication, you're wondering how to make
some of those pages require user to logon/authenticated and some other
doesn't (allow unauthenticated/anonymous users), correct?

For Forms authentication and membershp service, they're actually two
separate things. Forms authentication starts at the begining of
ASP.NET(1.0,1.1 ..), while membership service start from ASP.NET 2.0.
Forms authentication is a authenticaiton schema(like windows
authenticaiton) which is used to provide security authorization (protect
pages or url resource in asp.net app). It can work without using membershp.
And for membership, it is a service which used to help easily build up a
user account system so that we can use standard API to manage user
account(such as validate a useraccount, change or update it .....). You can
also use membershp service without using Forms authentication.

Anyway, they are used together in most cases. Here are some good resource
for you to get more ideas on this.
#Explained: Forms Authentication in ASP.NET 2.0
http://msdn.microsoft.com/en-us/library/aa480476.aspx

#ASP.NET Forms Authentication - Part 1
http://www.ondotnet.com/pub/a/dotnet...rmsauthp1.html

#ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security Resources
http://weblogs.asp.net/scottgu/archi...Membership_2C0
0_-Roles_2C00_-Forms-Authentication_ 2C00_-and-Security-Resources-.aspx
Now for the questions here, to make some pages require authetication while
some other not, the ASP.NET forms authentication has built-in support on
this. You can use <locationelemen t in web.config file to specify the
authorization setting for a particular url (such as a sub folder or a
parituclar page).

#How do I use Forms Authentication for only a portion of my site?
http://www.dnzone.com/ShowDetail.asp?NewsId=60

#location Element (ASP.NET Settings Schema)
http://msdn.microsoft.com/en-us/library/b6x6shw7.aspx

another means is putting different pages into differnt sub directory and
you can put a web.config in sub directory to have its own <authorizatio n>
setting.

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsof t.com.

=============== =============== =============== =====
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
=============== =============== =============== =====
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>Date: Wed, 16 Jul 2008 16:10:24 +0000 (UTC)
Message-ID: <3a************ **************@ news.microsoft. com>
From: Rory Becker <ro********@new sgroup.nospam>
Subject: Forms Authentication vs MembershipProvi der
>The next stange is to move on to the creation of content which adjusts
based
>on the user.

I have several pages which require a user to be logged on and several
which
>do not. Prior to this point in time I have used 2 different master pages.
one with a control which checks a session variable to determine logged on
or not and another which does not.

Each page is pointed at the correct master page and away you go.

I have heard of forms authentication and the little I have read leads me
to believe that I could rearrange my pages in a hierarchy so that pages
requiring
>authenticati on were in one folder and pages not requiring authentication
were in another.

Can someone tell me...

1.what is the relationship between Forms Authentication and the Provider
model I am using?
2.Does Membership replace Authentication?
3.Does Roles replace Authorisation?
4.Can I use Authorisation with Membership?
5.Does any of what I'm saying make any sense?

Many thanks in advance.

--
Rory
>
Jul 17 '08 #3
Hi Rory,

Does the information in previous messages help you some or do you still
have any questions about the forms authentication or membership service? If
so, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsof t.com.

=============== =============== =============== =====
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.
=============== =============== =============== =====
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
>From: st*****@online. microsoft.com (Steven Cheng [MSFT])
Organization : Microsoft
Date: Thu, 17 Jul 2008 06:02:22 GMT
Subject: RE: Forms Authentication vs MembershipProvi der
>
Hi Rory,

First, I'm glad that you've got custom membership provider working, great
progress :)

For the question here, let me confirm my understanding, you have multiple
pages which use membership and authentication, you're wondering how to
make
>some of those pages require user to logon/authenticated and some other
doesn't (allow unauthenticated/anonymous users), correct?

For Forms authentication and membershp service, they're actually two
separate things. Forms authentication starts at the begining of
ASP.NET(1.0,1. 1..), while membership service start from ASP.NET 2.0.
Forms authentication is a authenticaiton schema(like windows
authenticaiton ) which is used to provide security authorization (protect
pages or url resource in asp.net app). It can work without using
membershp.
>

And for membership, it is a service which used to help easily build up a
user account system so that we can use standard API to manage user
account(such as validate a useraccount, change or update it .....). You
can
>also use membershp service without using Forms authentication.

Anyway, they are used together in most cases. Here are some good resource
for you to get more ideas on this.
#Explained: Forms Authentication in ASP.NET 2.0
http://msdn.microsoft.com/en-us/library/aa480476.aspx

#ASP.NET Forms Authentication - Part 1
http://www.ondotnet.com/pub/a/dotnet...rmsauthp1.html

#ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security
Resources
>http://weblogs.asp.net/scottgu/archi...-Membership_2C
0
>0_-Roles_2C00_-Forms-Authentication_ 2C00_-and-Security-Resources-.aspx
Now for the questions here, to make some pages require authetication while
some other not, the ASP.NET forms authentication has built-in support on
this. You can use <locationelemen t in web.config file to specify the
authorizatio n setting for a particular url (such as a sub folder or a
parituclar page).

#How do I use Forms Authentication for only a portion of my site?
http://www.dnzone.com/ShowDetail.asp?NewsId=60

#location Element (ASP.NET Settings Schema)
http://msdn.microsoft.com/en-us/library/b6x6shw7.aspx

another means is putting different pages into differnt sub directory and
you can put a web.config in sub directory to have its own <authorizatio n>
setting.

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microso ft.com.

============== =============== =============== ======
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ault.aspx#noti
f
>ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
============== =============== =============== ======
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>>Date: Wed, 16 Jul 2008 16:10:24 +0000 (UTC)
Message-ID: <3a************ **************@ news.microsoft. com>
From: Rory Becker <ro********@new sgroup.nospam>
Subject: Forms Authentication vs MembershipProvi der
>>The next stange is to move on to the creation of content which adjusts
based
>>on the user.

I have several pages which require a user to be logged on and several
which
>>do not. Prior to this point in time I have used 2 different master pages.
one with a control which checks a session variable to determine logged on
or not and another which does not.

Each page is pointed at the correct master page and away you go.

I have heard of forms authentication and the little I have read leads me
to believe that I could rearrange my pages in a hierarchy so that pages
requiring
>>authenticatio n were in one folder and pages not requiring authentication
were in another.

Can someone tell me...

1.what is the relationship between Forms Authentication and the
Provider
>>model I am using?
2.Does Membership replace Authentication?
3.Does Roles replace Authorisation?
4.Can I use Authorisation with Membership?
5.Does any of what I'm saying make any sense?

Many thanks in advance.

--
Rory
>>

Jul 21 '08 #4
Hello Steven Cheng [MSFT],
Hi Rory,

Does the information in previous messages help you some or do you
still have any questions about the forms authentication or membership
service? If so, please feel free to post here.
Sorry for the delay in responding Steven. Work tends to throw me in different
directions at strange times.

I am currently stuck trying to rearrange our sourcecontrol systems so that
we might suitably branch our source for experimentation in areas such as
this. Hopefully I will be past those issues soon.

Your post has certainly given me food for thought, thanks for that. (No really...
I mean that :) )

Unfortunately it looks like, once again, I am about to be diverted to other
concerns. I will revisit this thread if I have any further questions.

Thanks once again for you help

--
Rory
Jul 21 '08 #5
Thanks for your quick reply Rory,

Sure, no problem. I can understand that it's really hard to manage all the
things when there are so many tasks concurrently. Anyway, please feel free
to post here whenever you continue work on this and need any help.

Good luck!

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsof t.com.

=============== =============== =============== =====
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

--------------------
>Date: Mon, 21 Jul 2008 08:57:44 +0000 (UTC)
Message-ID: <3a************ **************@ news.microsoft. com>
From: Rory Becker <ro********@new sgroup.nospam>
Subject: RE: Forms Authentication vs MembershipProvi der
>
Hello Steven Cheng [MSFT],
>Hi Rory,

Does the information in previous messages help you some or do you
still have any questions about the forms authentication or membership
service? If so, please feel free to post here.

Sorry for the delay in responding Steven. Work tends to throw me in
different
>directions at strange times.

I am currently stuck trying to rearrange our sourcecontrol systems so that
we might suitably branch our source for experimentation in areas such as
this. Hopefully I will be past those issues soon.

Your post has certainly given me food for thought, thanks for that. (No
really...
>I mean that :) )

Unfortunatel y it looks like, once again, I am about to be diverted to
other
>concerns. I will revisit this thread if I have any further questions.

Thanks once again for you help

--
Rory
>
Jul 21 '08 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
6
4834
Secure and Unsecure Web Directories using Forms Authentication
by: Billy Jacobs | last post by:
I have a website which has both secure and non-secure pages. I want to uses forms authentication. How do I accomplish this? Originally I had my web.config file in the root with Forms Authentication set up and it worked just fine. Then I realized that I needed to have some pages unsecure. I then created 2 directories. One named Secure and the other named Public. I placed my web.config file in my
.NET Framework
3
4870
Forms authentication in a subfolder problem, please help
by: Kris van der Mast | last post by:
Hi, I've created a little site for my sports club. In the root folder there are pages that are viewable by every anonymous user but at a certain subfolder my administration pages should be protected by forms authentication. When I create forms authentication at root level it works but when I move my code up to the subfolder I get this error: Server Error in '/TestProjects/FormsAuthenticationTestingArea' Application.
ASP.NET
2
2513
Forms Authentication question: How to have some pages open and some requiring forms authentication
by: Eric | last post by:
I am trying to build an app where the stuff in the root directory is open to all, but anything under the Restricted directory requires you to login and I want to use Forms to do it. I'm having trouble getting the web.config to work properly. First I tried to have a second web.config in the sub directory with authentication and authorization set to forms, but it blew up. Next, I tried to modify the root web.config in the following manner...
ASP.NET
0
4240
ASP.NET Forms Authentication Best Practices
by: Anonieko Ramos | last post by:
ASP.NET Forms Authentication Best Practices Dr. Dobb's Journal February 2004 Protecting user information is critical By Douglas Reilly Douglas is the author of Designing Microsoft ASP.NET Applications and owner of Access Microsystems. Doug can be reached at doug@accessmicrosystems.com. --------------------------------------------------------------------------------
ASP.NET
5
2552
Custom MembershipProvider and required trust levels
by: Graham | last post by:
I have created a custom MembershipProvider called "LassieMembershipProvider" that derives from "MembershipProvider". This providor is located in a Businesslogic layer dll called "Enlighten.LinkMad.Businesslogic". In one of my frontend websites I use this type to authenticate a user who is trying to login. The following excerpt is from the web.config of the particular site showing the reference to the custom provider, allowing .Net to do...
ASP.NET
2
1040
Users and authentication
by: mrajanikrishna | last post by:
Hello friends, I am new to dotNETand familier with classic ASP. I've one doubt regarding users. I am developing an application. In which i want to authenticate users and logged in which is valid. I've read that ASP.NET authentication is fast and secure.
ASP.NET
8
5288
Problems With Custom RoleProvider and Forms Authentication
by: Tomasz | last post by:
Hello Developers! I have an interesting problem using my custom MembershipProvider, RoleProvider and Forms Authentication. Both MembershipProvider and RoleProvider require session state, where some very important context data are stored during the Session_Start event. My MembershipProvider and RoleProvider depend on this information. It seems that authentication process works with no problems.
ASP.NET
1
1144
Help with authentication
by: Peps | last post by:
Hello, I'm just starting to learn VB.NET and I would like your advice in setting up authentication. I'm trying to build a site that will capture a user's domain credentials and have it check against a database to see if that account exist. If it does, allow that user access (automatically) to the site. If not, redirect them to a page where they can enter their registration info.
.NET Framework
3
3535
Forms Authentication non-persistent cookie not expiring after closingthe browser
by: rh.krish | last post by:
I have a typical ASP.NET 2.0 Forms authentication application which authenticates against Active Directory. I use non-persistent cookie so that the user is NOT remembered across browser sessions. The timeout is set to 10 minutes. Here is the important code snippets that I took from my original code: string roleToCheck = .....; FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, member.UserName, DateTime.Now,...
ASP.NET
0
8968
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
9334
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
1
9259
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
0
9208
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
1
6750
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
4569
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
0
4824
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
2
2744
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
3
2193
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us