Intranet Login using ASPdotNET (advice)...

Hello, folks!

I am trying to design a login script / page for a set of administrative functions on my company's Intranet. I need something that is reasonably secure and I've been trying to rack my brains to come up with a scheme. These functions are for a bunch of look-up tables, a knowledge base, etc. I am looking for a little advice.

I am thinking something along these lines:

default.aspx:
ViewState("Attempt") - count attempt (if > 3 then try again after session expires)
Session("Authenticated") - T or F
Username and Password stored in MSSQL 2000 database
User logs in.
If Session("Authenticated") = T
User gains access to admin pages...

Okay, not a terribly complicated design but how do I limit the scope of the Session object?
How do I set the session to expire in XX minutes?
How do I have the session automatically expire if the user exits their web browser or visits another site?
Should I use a Cache("...") object instead of Session("...") object?

I know these may be trivial to the gurus but I've been trying to find a decent model to follow for my login script.

TIA...
Nov 19 '05 #1
> I am trying to design a login script / page for a set of administrative
> functions on my company's Intranet. I need something that is reasonably
> secure and I've been trying to rack my brains to come up with a scheme.
> These functions are for a bunch of look-up tables, a knowledge base, etc.
> I am looking for a little advice


You should use ASP.NET forms authentication. See
http://msdn.microsoft.com/library/de...haspdotnet.asp
for more information.

Anders Norås
http://dotnetjunkies.com/weblog/anoras/
Nov 19 '05 #2
Eeediot:
Seems like you might be reinventing the wheel. Much of this functionality
has been partially or completely automated in .Net.

You should read a bit about FormsAuthentication
(http://www.4guysfromrolla.com/webtech/110701-1.shtml or a google search)

Also, you mentioned this was an intranet site, so WindowsAuthentication
might be even less work.

Other than that, everything you are doing seems ok. What do you mean by
limit the scope of the session object? It's currently limited to a specific
user, dunno how much narrower or wider you want/need the scope to be...but
chances are you don't.

You can set the Timeout property in the web.config <sessionState
mode="InProc" timeout="10" /> (in minutes).
The only way to make the session automatically quit is to use javascript and
something like the onunload event
(http://msdn.microsoft.com/workshop/a...nts/onunload.asp). When the event
fires, open up a popup which logs the user out and close the popup at the
end of processing.

You should use the Session object, the Cache object has a different
purpose... Having said that, I normally use FormsAuthentication which
maintains a cookie on the client (session does the same thing) and store a
userid in the cookie, I then use the Cache object to store the user
information....if you go your custom method though, session object makes
more sense 'cuz you'll already be making use of it.

Karl
--
MY ASP.Net tutorials
http://www.openmymind.net/
Nov 19 '05 #3
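
The forms-authentication and session-timeout settings recommended in the replies above, written out as an added web.config example that is not part of the original thread. The cookie name, login page, `admin` folder and 10-minute ticket timeout are assumed values, and `slidingExpiration` / `requireSSL` assume ASP.NET 1.1 or later with TLS available on the intranet site.

```xml
<?xml version="1.0"?>
<!-- Added example (not from the thread): forms authentication guarding an
     assumed "admin" folder, plus the session timeout discussed above. -->
<configuration>
  <system.web>

    <!-- Forms authentication takes the place of a hand-rolled
         Session("Authenticated") flag: the runtime issues and validates
         the ticket on every request. -->
    <authentication mode="Forms">
      <!-- name and loginUrl are assumed values.
           protection="All"  : ticket is encrypted and integrity-checked.
           timeout="10"      : ticket lifetime in minutes.
           slidingExpiration : lifetime is renewed while the user is active.
           requireSSL="true" : cookie is only sent over HTTPS. -->
      <forms name=".INTRANETADMIN"
             loginUrl="login.aspx"
             protection="All"
             timeout="10"
             slidingExpiration="true"
             requireSSL="true"
             path="/" />
    </authentication>

    <!-- Pages outside the admin folder stay open to all users. -->
    <authorization>
      <allow users="*" />
    </authorization>

    <!-- Server-side session lifetime in minutes. This is separate from the
         forms ticket timeout; keep the two aligned so one does not
         outlive the other. -->
    <sessionState mode="InProc" timeout="10" cookieless="false" />

  </system.web>

  <!-- "?" means anonymous users: any unauthenticated request for a page
       under the assumed admin folder is redirected to loginUrl. -->
  <location path="admin">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Passing `False` as the second argument to `FormsAuthentication.RedirectFromLoginPage` issues a non-persistent cookie, which the browser discards when it is closed. A counter kept in ViewState is stored in the page itself and starts over on a fresh request to the login page, so failed-attempt counts that are meant to hold belong on the server, keyed by username.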
Hi,

To learn more about security best practices with asp.net you should consult
the patterns and practices web site. I have posted the url below for you. I
believe that after you read this you will then be able to determine which
method of authentication is best for your model and how to properly implement
it.

I hope this helps.
-------------
http://msdn.microsoft.com/library/de...asp?frame=true

Nov 19 '05 #4
Thanks for the replies.

Some stuff I didn't quite know about.

That is why I posted to the group...
Nov 19 '05 #5
