
Account Creation and Security

Hi

I'm trying to design a web application where people can create user IDs and
passwords while signing up and then use that information to log in to an
account. (I know, very basic.) I just can't get my mind around how to make
this system most secure. The user ID and password are verified at the time of
logging in and at that point, I would like to create something like a session
key before opening the new page. I basically don't want to start the new
page by passing regular parameters through the URL because that's very easy
to manipulate and break. Can someone give me some information about creating
a secure system like this and/or forward me some useful sources? BTW, I'm
using IIS as my server, ASP.NET and VB.NET.

Thanks

Farsad

Nov 19 '05 #1
Farsad,

You should consider employing forms authentication. Google the
FormsAuthentication object; there is extensive information on the web for
this.

I use both FormsAuthentication.SetAuthCookie and
FormsAuthentication.RedirectFromLoginPage methods on different applications.
With forms authentication, you designate a page that is accessible to all
users. Until the user is authenticated, he cannot access other pages in the
application.

I hope this helps, good luck!
Curt

Nov 19 '05 #2
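
The sign-up and login flow from the answer above, as an added VB.NET example that is not part of the original posts. The `AccountService` module, its in-memory user table and the iteration count are assumptions; it also assumes web.config sets `<authentication mode="Forms">` with `<deny users="?"/>`, and .NET Framework 4.7.2 or later for the SHA-256 PBKDF2 overload.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Security.Cryptography
Imports System.Web.Security

' Hypothetical helper called from the sign-up and login pages' click handlers.
Public Module AccountService
    Private Const Iterations As Integer = 100000   ' assumed work factor
    Private ReadOnly DummySalt(15) As Byte         ' used only for unknown users
    ' Example-only store (not thread-safe): user name -> {salt, derived hash}.
    Private ReadOnly Users As New Dictionary(Of String, Byte()())(StringComparer.OrdinalIgnoreCase)

    Private Function Derive(password As String, salt As Byte()) As Byte()
        Using kdf As New Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256)
            Return kdf.GetBytes(32)
        End Using
    End Function

    ' Sign-up: keep a random per-user salt and the derived hash, never the password.
    Public Sub Register(userName As String, password As String)
        Dim salt(15) As Byte
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(salt)
        End Using
        Users(userName) = New Byte()() {salt, Derive(password, salt)}
    End Sub

    ' Login: verify, then let Forms Authentication issue the encrypted, signed cookie.
    ' Later pages read User.Identity.Name from that cookie instead of URL parameters.
    Public Function SignIn(userName As String, password As String) As Boolean
        Dim rec As Byte()() = Nothing
        Dim known As Boolean = Users.TryGetValue(userName, rec)
        ' Derive even for unknown users so response time does not reveal valid names.
        Dim candidate As Byte() = Derive(password, If(known, rec(0), DummySalt))
        If Not known Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To candidate.Length - 1   ' constant-time comparison
            diff = diff Or (candidate(i) Xor rec(1)(i))
        Next
        If diff <> 0 Then Return False
        FormsAuthentication.RedirectFromLoginPage(userName, False)
        Return True
    End Function
End Module
```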

If security is really an issue, you should consider using SSL;
that is about the only way to protect against session hijacking etc.

NTLM is also pretty good, but managing the accounts can be
a pain.

A nice solution is to use your own basic authentication over SSL.
This allows you to manage and use the user database as you wish
whilst skipping getting involved in Windows authentication
and letting users log in using the login prompt in browsers and save
their passwords if they wish, plus you get to use the realm parameter
to say something cool!

All you need to do is read up on the WWW-Authenticate header and base64
encoding.
This also allows for "roaming web sessions", where one of your
customers can log in at home and then later at work and still be in the
same session (i.e. his shopping basket has the same products in as at home).

It is the slickest solution outside of NTLM.

Nov 19 '05 #3
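
The `WWW-Authenticate` challenge and base64 credential parsing mentioned in the reply above, as an added VB.NET example that is not part of the original posts. The `BasicAuthModule` class, the realm text and the `Validate` hook (which the application points at its own user-database check) are assumptions; it also assumes web.config uses `<authentication mode="None">` with `<deny users="?"/>` so that ASP.NET answers anonymous requests with 401.

```vbnet
Imports System
Imports System.Security.Principal
Imports System.Text
Imports System.Web

Public Class BasicAuthModule
    Implements IHttpModule
    Private Const Realm As String = "Example Shop"   ' constructed realm text
    ' Hypothetical hook: replace with the application's own credential check.
    Public Shared Validate As Func(Of String, String, Boolean) = Function(u, p) False

    Public Sub Init(app As HttpApplication) Implements IHttpModule.Init
        AddHandler app.AuthenticateRequest, AddressOf OnAuthenticate
        AddHandler app.EndRequest, AddressOf OnEndRequest
    End Sub

    ' Parses "Basic base64(user:password)"; returns False on any malformed input.
    Public Shared Function TryParse(header As String, ByRef user As String, ByRef pass As String) As Boolean
        user = Nothing : pass = Nothing
        If header Is Nothing OrElse Not header.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase) Then Return False
        Dim decoded As String
        Try
            decoded = Encoding.UTF8.GetString(Convert.FromBase64String(header.Substring(6).Trim()))
        Catch ex As FormatException
            Return False
        End Try
        Dim sep As Integer = decoded.IndexOf(":"c)   ' split on the first ":" only
        If sep < 1 Then Return False
        user = decoded.Substring(0, sep)
        pass = decoded.Substring(sep + 1)
        Return True
    End Function

    Private Sub OnAuthenticate(sender As Object, e As EventArgs)
        Dim ctx As HttpContext = DirectCast(sender, HttpApplication).Context
        Dim user As String = Nothing, pass As String = Nothing
        ' Base64 is an encoding, not encryption: ignore credentials sent without TLS.
        If Not ctx.Request.IsSecureConnection Then Return
        If TryParse(ctx.Request.Headers("Authorization"), user, pass) AndAlso Validate(user, pass) Then
            ctx.User = New GenericPrincipal(New GenericIdentity(user, "Basic"), New String() {})
        End If
    End Sub

    Private Sub OnEndRequest(sender As Object, e As EventArgs)
        Dim app As HttpApplication = DirectCast(sender, HttpApplication)
        ' Challenge only over HTTPS so the browser never sends the password in clear text.
        If app.Response.StatusCode = 401 AndAlso app.Request.IsSecureConnection Then app.Response.AddHeader("WWW-Authenticate", "Basic realm=""" & Realm & """")
    End Sub

    Public Sub Dispose() Implements IHttpModule.Dispose
    End Sub
End Class
```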
