By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,919 Members | 1,047 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,919 IT Pros & Developers. It's quick & easy.

Authentification question

P: n/a
Hi!

I'm reading thru everything I could find on "user Authentification" topic.

There is couple of options ASP.NET suggest: Forms, Passport, etc...

My application is simple portal with forums and Online store will be added
in future.
It will be hosted using hosting provider (no way to setup security, etc..)

I don't see how I can use windows authentification (forms) in my
application.

Or may be I do not understand and this is just set of objects to make my
life easier?

By design my users will be restricted to viewing of page and I will be able
to give them permissions to specific modules, so they can edit info.

I don't see anything problematic here.

I'm planning on using Session object to keep user info. Is it safe?

Please give me links to any info on this topic or share your opinion on how
it's done best. I just don't understand wat this bookstalking about.
Looks like it is all for intranets/personally owned web servers.

Thanks!
Nov 17 '05 #1
Share this Question
Share on Google+
6 Replies


P: n/a
Steve,

I also was looking at this, but I don't understand how this will work for my
application.

I have 1 Page web application(portal). This is Default.aspx

DB describe "Pages" as to what modules loaded and where. All modules done as
user controls.

Baiscally Pages will be: Default.aspx or Default.aspx?PageKey=1,
Default.aspx?PageKey=2 and so on.

Login Module will be loaded on specific pages and I would like to display
Greeting or UN/PW fields.

How would I make forms authentification to work for this scenario?

TIA!

"Steve C. Orr, MCSD" <St***@Orr.net> wrote in message
news:uo**************@TK2MSFTNGP12.phx.gbl...
It sounds to me like Forms Authentication may be your best bet.
It is easily configured in your web.config file.
Here's more information:
http://www.dotnetbips.com/displayarticle.aspx?id=9

--
I hope this helps,
Steve C. Orr, MCSD
http://Steve.Orr.net
"Ivan Demkovitch" <i@d> wrote in message
news:OK**************@TK2MSFTNGP10.phx.gbl...
Hi!

I'm reading thru everything I could find on "user Authentification" topic.
There is couple of options ASP.NET suggest: Forms, Passport, etc...

My application is simple portal with forums and Online store will be added in future.
It will be hosted using hosting provider (no way to setup security, etc..)
I don't see how I can use windows authentification (forms) in my
application.

Or may be I do not understand and this is just set of objects to make my
life easier?

By design my users will be restricted to viewing of page and I will be

able
to give them permissions to specific modules, so they can edit info.

I don't see anything problematic here.

I'm planning on using Session object to keep user info. Is it safe?

Please give me links to any info on this topic or share your opinion on

how
it's done best. I just don't understand wat this bookstalking about.
Looks like it is all for intranets/personally owned web servers.

Thanks!


Nov 17 '05 #2

P: n/a
Steve,

Another thing. Wat if user's browser does not accept cookies. From what I
understand it has to place cookie.

How to go about it?

"Steve C. Orr, MCSD" <St***@Orr.net> wrote in message
news:uo**************@TK2MSFTNGP12.phx.gbl...
It sounds to me like Forms Authentication may be your best bet.
It is easily configured in your web.config file.
Here's more information:
http://www.dotnetbips.com/displayarticle.aspx?id=9

--
I hope this helps,
Steve C. Orr, MCSD
http://Steve.Orr.net
"Ivan Demkovitch" <i@d> wrote in message
news:OK**************@TK2MSFTNGP10.phx.gbl...
Hi!

I'm reading thru everything I could find on "user Authentification" topic.
There is couple of options ASP.NET suggest: Forms, Passport, etc...

My application is simple portal with forums and Online store will be added in future.
It will be hosted using hosting provider (no way to setup security, etc..)
I don't see how I can use windows authentification (forms) in my
application.

Or may be I do not understand and this is just set of objects to make my
life easier?

By design my users will be restricted to viewing of page and I will be

able
to give them permissions to specific modules, so they can edit info.

I don't see anything problematic here.

I'm planning on using Session object to keep user info. Is it safe?

Please give me links to any info on this topic or share your opinion on

how
it's done best. I just don't understand wat this bookstalking about.
Looks like it is all for intranets/personally owned web servers.

Thanks!


Nov 17 '05 #3

P: n/a
The cookie thing is no problem.
In your web.config file, in your sessionState tag, set the attribute
cookieless="true"

As for the non-standard way you're putting all your pages into a single
page, that does make things a bit more difficult.
There's likely a way to get it to work, but it won't be nearly so automatic.
Your idea of using Session state to store permissions is starting to look
better.
There's not really anything wrong with that approach. That's pretty much
how we all had to do it in ASP.Old and it worked well enough in most cases.

--
I hope this helps,
Steve C. Orr, MCSD
http://Steve.Orr.net
Hire top-notch developers at http://www.able-consulting.com

"Ivan Demkovitch" <i@d> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
Steve,

Another thing. Wat if user's browser does not accept cookies. From what I
understand it has to place cookie.

How to go about it?

"Steve C. Orr, MCSD" <St***@Orr.net> wrote in message
news:uo**************@TK2MSFTNGP12.phx.gbl...
It sounds to me like Forms Authentication may be your best bet.
It is easily configured in your web.config file.
Here's more information:
http://www.dotnetbips.com/displayarticle.aspx?id=9

--
I hope this helps,
Steve C. Orr, MCSD
http://Steve.Orr.net
"Ivan Demkovitch" <i@d> wrote in message
news:OK**************@TK2MSFTNGP10.phx.gbl...
Hi!

I'm reading thru everything I could find on "user Authentification" topic.
There is couple of options ASP.NET suggest: Forms, Passport, etc...

My application is simple portal with forums and Online store will be added in future.
It will be hosted using hosting provider (no way to setup security, etc..)
I don't see how I can use windows authentification (forms) in my
application.

Or may be I do not understand and this is just set of objects to make my life easier?

By design my users will be restricted to viewing of page and I will be

able
to give them permissions to specific modules, so they can edit info.

I don't see anything problematic here.

I'm planning on using Session object to keep user info. Is it safe?

Please give me links to any info on this topic or share your opinion
on how
it's done best. I just don't understand wat this bookstalking about.
Looks like it is all for intranets/personally owned web servers.

Thanks!



Nov 17 '05 #4

P: n/a
Just looked at IBuySPy sample with Form's authentification (It's 1 page
sample portal)

It's funny because it looks like this Authentification used just to show how
to use it, but then every module
has code "if IsLogin==1". Looks like I need to write 1 simple class and go
with it.

Is there any real security issues that could be solved using this Forms
authentification or this is just a set of helping objects???


"Steve C. Orr, MCSD" <St***@Orr.net> wrote in message
news:u9**************@TK2MSFTNGP10.phx.gbl...
The cookie thing is no problem.
In your web.config file, in your sessionState tag, set the attribute
cookieless="true"

As for the non-standard way you're putting all your pages into a single
page, that does make things a bit more difficult.
There's likely a way to get it to work, but it won't be nearly so automatic. Your idea of using Session state to store permissions is starting to look
better.
There's not really anything wrong with that approach. That's pretty much
how we all had to do it in ASP.Old and it worked well enough in most cases.
--
I hope this helps,
Steve C. Orr, MCSD
http://Steve.Orr.net
Hire top-notch developers at http://www.able-consulting.com

"Ivan Demkovitch" <i@d> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
Steve,

Another thing. Wat if user's browser does not accept cookies. From what I
understand it has to place cookie.

How to go about it?

"Steve C. Orr, MCSD" <St***@Orr.net> wrote in message
news:uo**************@TK2MSFTNGP12.phx.gbl...
It sounds to me like Forms Authentication may be your best bet.
It is easily configured in your web.config file.
Here's more information:
http://www.dotnetbips.com/displayarticle.aspx?id=9

--
I hope this helps,
Steve C. Orr, MCSD
http://Steve.Orr.net
"Ivan Demkovitch" <i@d> wrote in message
news:OK**************@TK2MSFTNGP10.phx.gbl...
> Hi!
>
> I'm reading thru everything I could find on "user Authentification" topic.
>
> There is couple of options ASP.NET suggest: Forms, Passport, etc...
>
> My application is simple portal with forums and Online store will be

added
> in future.
> It will be hosted using hosting provider (no way to setup security,

etc..)
>
> I don't see how I can use windows authentification (forms) in my
> application.
>
> Or may be I do not understand and this is just set of objects to make my > life easier?
>
> By design my users will be restricted to viewing of page and I will
be able
> to give them permissions to specific modules, so they can edit info.
>
> I don't see anything problematic here.
>
> I'm planning on using Session object to keep user info. Is it safe?
>
> Please give me links to any info on this topic or share your opinion

on how
> it's done best. I just don't understand wat this bookstalking about.
> Looks like it is all for intranets/personally owned web servers.
>
> Thanks!
>
>



Nov 17 '05 #5

P: n/a
"Ivan Demkovitch" <i@d> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
Just looked at IBuySPy sample with Form's authentification (It's 1 page
sample portal)

It's funny because it looks like this Authentification used just to show how to use it, but then every module
has code "if IsLogin==1". Looks like I need to write 1 simple class and go
with it.

Is there any real security issues that could be solved using this Forms
authentification or this is just a set of helping objects???


I'm not sure what you mean "any real security issues that could be solved".
I have several sites using Forms Authentication. None of them have "if
isLogin == 1" in them.
--
John Saunders
Internet Engineer
jo***********@surfcontrol.com
Nov 17 '05 #6

P: n/a
John,

I explained before, I have 1 Page portal. This page consists of "blocks" -
"modules"
Theese has to be controlled by security.

Thats why I'm saying that example of forms security (IBuySpy) probably
meaningless because they have same model like mine to start with.
I'm not sure what you mean "any real security issues that could be solved".

I don't know what tricks used by hackers and thats why I thought this forms
may offer somthing I can not accomplish with Session object and my code.

TIA
"John Saunders" <jo***********@surfcontrol.com> wrote in message
news:e3**************@TK2MSFTNGP09.phx.gbl... "Ivan Demkovitch" <i@d> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
Just looked at IBuySPy sample with Form's authentification (It's 1 page
sample portal)

It's funny because it looks like this Authentification used just to show how
to use it, but then every module
has code "if IsLogin==1". Looks like I need to write 1 simple class and go with it.

Is there any real security issues that could be solved using this Forms
authentification or this is just a set of helping objects???


I'm not sure what you mean "any real security issues that could be

solved". I have several sites using Forms Authentication. None of them have "if
isLogin == 1" in them.
--
John Saunders
Internet Engineer
jo***********@surfcontrol.com

Nov 17 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.