Hi all,
I am pretty new to asp.net; I've done lots of classic asp, but am just
beginning to get my mind wrapped around .net.
What I'd like to do is include some code that tests if a user is logged
in, on each and every page, and redirects the user to a login page if
s/he's not logged in. The login page will also take care of some
standard setup, such as choosing/populating a user profile. I used to
use <!-- #include ... --for this, but I understand that's not the way
to do it in .net.
I am not interested in using the .net 2.0 login controls, because our
university already has some standard tools for authentication against
university-wide (non-Microsoft) LDAP.
What is the best practice approach for this? I've read various threads
on this forum about .ascx user controls. I think I want to override
page_load() -- is that correct? But the page_load() subroutine will
also often need to perform some page-specific tasks. Is there an
approach that uses master pages?
It seems like one of those cases where there are a hundred ways to do
something, but various ways may have some advantages or disadvantages.
Thanks for any helpful advice.
-- Ned 4 1792
Then you shouldn't have titled the thread best practice. Best
practice/correctness recommends you use the provided login controls over
your home grown remedies.
--
________________________
Warm regards,
Alvin Bruney [MVP ASP.NET]
[Shameless Author plug]
Professional VSTO.NET - Wrox/Wiley
The O.W.C. Black Book with .NET www.lulu.com/owc, Amazon
Blog: http://www.msmvps.com/blogs/alvin
-------------------------------------------------------
"Ned Balzer" <ne********@gmail.comwrote in message
news:11**********************@m73g2000cwd.googlegr oups.com...
Hi all,
I am pretty new to asp.net; I've done lots of classic asp, but am just
beginning to get my mind wrapped around .net.
What I'd like to do is include some code that tests if a user is logged
in, on each and every page, and redirects the user to a login page if
s/he's not logged in. The login page will also take care of some
standard setup, such as choosing/populating a user profile. I used to
use <!-- #include ... --for this, but I understand that's not the way
to do it in .net.
I am not interested in using the .net 2.0 login controls, because our
university already has some standard tools for authentication against
university-wide (non-Microsoft) LDAP.
What is the best practice approach for this? I've read various threads
on this forum about .ascx user controls. I think I want to override
page_load() -- is that correct? But the page_load() subroutine will
also often need to perform some page-specific tasks. Is there an
approach that uses master pages?
It seems like one of those cases where there are a hundred ways to do
something, but various ways may have some advantages or disadvantages.
Thanks for any helpful advice.
-- Ned
I titled my post best practices because I want to know what the best
practices are, given my situation. Maybe I'm wrong, and the asp.net
login controls would work against an external LDAP -- if so, please
correct me.
Does anyone else have any advice that is actually helpful? I would
genuinely appreciate it.
-- Ned
Alvin Bruney [MVP] wrote:
Then you shouldn't have titled the thread best practice. Best
practice/correctness recommends you use the provided login controls over
your home grown remedies.
--
________________________
Warm regards,
Alvin Bruney [MVP ASP.NET]
[Shameless Author plug]
Professional VSTO.NET - Wrox/Wiley
The O.W.C. Black Book with .NET www.lulu.com/owc, Amazon
Blog: http://www.msmvps.com/blogs/alvin
-------------------------------------------------------
"Ned Balzer" <ne********@gmail.comwrote in message
news:11**********************@m73g2000cwd.googlegr oups.com...
Hi all,
I am pretty new to asp.net; I've done lots of classic asp, but am just
beginning to get my mind wrapped around .net.
What I'd like to do is include some code that tests if a user is logged
in, on each and every page, and redirects the user to a login page if
s/he's not logged in. The login page will also take care of some
standard setup, such as choosing/populating a user profile. I used to
use <!-- #include ... --for this, but I understand that's not the way
to do it in .net.
I am not interested in using the .net 2.0 login controls, because our
university already has some standard tools for authentication against
university-wide (non-Microsoft) LDAP.
What is the best practice approach for this? I've read various threads
on this forum about .ascx user controls. I think I want to override
page_load() -- is that correct? But the page_load() subroutine will
also often need to perform some page-specific tasks. Is there an
approach that uses master pages?
It seems like one of those cases where there are a hundred ways to do
something, but various ways may have some advantages or disadvantages.
Thanks for any helpful advice.
-- Ned
I'm sure you could get the ASP.NET2.0 login controls to work with an
external LDAP because they are developed using providers, which you can
extend / override with your own versions (which would be able to communicate
with the external LDAP).
However, I was originally won over by this security model when I read up on
the changes in 2.0. Using them in one project, but then an additional
requirement to implement some functionality in a windows application came
up. At that point it appeared to me that Microsoft had broken another best
practise. These membership providers seem fairly tightly coupled into
ASP.NET, requiring another security implementation for windows forms. I
would have thought m/s should have provided security base classes that were
independant of application type, then UI classes in both windows and web
that use these base providers. Maybe that wouldn't be possible, or I've
missed how easy it would be to include my own version of this - but it
seemed a short coming to me at the time.
Hope that helps,
- Paul.
"Ned Balzer" <ne********@gmail.comwrote in message
news:11*********************@h48g2000cwc.googlegro ups.com...
>I titled my post best practices because I want to know what the best
practices are, given my situation. Maybe I'm wrong, and the asp.net
login controls would work against an external LDAP -- if so, please
correct me.
Does anyone else have any advice that is actually helpful? I would
genuinely appreciate it.
-- Ned
Alvin Bruney [MVP] wrote:
>Then you shouldn't have titled the thread best practice. Best practice/correctness recommends you use the provided login controls over your home grown remedies.
-- ________________________ Warm regards, Alvin Bruney [MVP ASP.NET]
[Shameless Author plug] Professional VSTO.NET - Wrox/Wiley The O.W.C. Black Book with .NET www.lulu.com/owc, Amazon Blog: http://www.msmvps.com/blogs/alvin -------------------------------------------------------
"Ned Balzer" <ne********@gmail.comwrote in message news:11**********************@m73g2000cwd.googleg roups.com...
Hi all,
I am pretty new to asp.net; I've done lots of classic asp, but am just
beginning to get my mind wrapped around .net.
What I'd like to do is include some code that tests if a user is logged
in, on each and every page, and redirects the user to a login page if
s/he's not logged in. The login page will also take care of some
standard setup, such as choosing/populating a user profile. I used to
use <!-- #include ... --for this, but I understand that's not the way
to do it in .net.
I am not interested in using the .net 2.0 login controls, because our
university already has some standard tools for authentication against
university-wide (non-Microsoft) LDAP.
What is the best practice approach for this? I've read various threads
on this forum about .ascx user controls. I think I want to override
page_load() -- is that correct? But the page_load() subroutine will
also often need to perform some page-specific tasks. Is there an
approach that uses master pages?
It seems like one of those cases where there are a hundred ways to do
something, but various ways may have some advantages or disadvantages.
Thanks for any helpful advice.
-- Ned
Ned,
There is nothing wrong with building your own custom user authentication
into the application. I have been doing it for years I'm my web apps. The
downside is that you will have more code to write to make it truly secure.
Instead of using includes, make use of Master Pages in ASP.Net 2.0. You can
have a master page that contains general content that is used across the site
(navigation, header, footer, etc). This master page can also server as the
place for you validation routine.
If you do not require validation across the entire site, know that you can
have more than one master page (apparently they can even be nested).
If master pages does not work for you. The next best solution might be to
create a User Control (similar to Scriplets in classic ASP). In this case,
you would place the validation routine in the user control and then embed the
user control into any pages that require authentication.
Best of luck,
--
Steven Land
"Ned Balzer" wrote:
I titled my post best practices because I want to know what the best
practices are, given my situation. Maybe I'm wrong, and the asp.net
login controls would work against an external LDAP -- if so, please
correct me.
Does anyone else have any advice that is actually helpful? I would
genuinely appreciate it.
-- Ned
Alvin Bruney [MVP] wrote:
Then you shouldn't have titled the thread best practice. Best
practice/correctness recommends you use the provided login controls over
your home grown remedies.
--
________________________
Warm regards,
Alvin Bruney [MVP ASP.NET]
[Shameless Author plug]
Professional VSTO.NET - Wrox/Wiley
The O.W.C. Black Book with .NET www.lulu.com/owc, Amazon
Blog: http://www.msmvps.com/blogs/alvin
-------------------------------------------------------
"Ned Balzer" <ne********@gmail.comwrote in message
news:11**********************@m73g2000cwd.googlegr oups.com...
Hi all,
>
I am pretty new to asp.net; I've done lots of classic asp, but am just
beginning to get my mind wrapped around .net.
>
What I'd like to do is include some code that tests if a user is logged
in, on each and every page, and redirects the user to a login page if
s/he's not logged in. The login page will also take care of some
standard setup, such as choosing/populating a user profile. I used to
use <!-- #include ... --for this, but I understand that's not the way
to do it in .net.
>
I am not interested in using the .net 2.0 login controls, because our
university already has some standard tools for authentication against
university-wide (non-Microsoft) LDAP.
>
What is the best practice approach for this? I've read various threads
on this forum about .ascx user controls. I think I want to override
page_load() -- is that correct? But the page_load() subroutine will
also often need to perform some page-specific tasks. Is there an
approach that uses master pages?
>
It seems like one of those cases where there are a hundred ways to do
something, but various ways may have some advantages or disadvantages.
>
Thanks for any helpful advice.
>
-- Ned
>
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: JStrummer |
last post by:
I have a question regarding paths and the include() statement in PHP.
I develop in a Windows environment and will be publishing to a Linux
server. I would like to do the following:
1. Setup my...
|
by: DrUg13 |
last post by:
In java, this seems so easy. You need a new object
Object test = new Object() gives me exactly what I want.
could someone please help me understand the different ways to do the
same thing in...
|
by: Matt Kruse |
last post by:
http://www.JavascriptToolbox.com/bestpractices/
I started writing this up as a guide for some people who were looking for
general tips on how to do things the 'right way' with Javascript. Their...
|
by: Mike Logan |
last post by:
I am using the "contract first" design methodology. Contract First is design
the WSDL first then design the server and client. However I must design my
XSD/XML Schema before anything.
I am...
|
by: Marc Gravell |
last post by:
Kind of an open question on best-practice for smart-client design. I'd
really appreciate anyones views (preferably with reasoning, but I'll take
what I get...). Or if anybody has any useful links...
|
by: Ren |
last post by:
Hi All,
I'm still rather new at vb.net and would like to know the proper way to access
private varibables in a class. Do I access the variable directly or do I use
the public property?
...
|
by: Rex |
last post by:
Hi All - I have a question that I think MIGHT be of interest to a
number of us developers. I am somewhat new to VIsual Studio 2005 but
not new to VB. I am looking for ideas about quick and...
|
by: kbutterly |
last post by:
All,
I have a menu which contains Category as the master and Product as the
child.
When I click on a Category in the menu, I want one formView control,
fvpc, to show, and then when I click on...
|
by: Frank Millman |
last post by:
Hi all
This is not strictly a Python question, but as I am writing in Python,
and as I know there are some XML gurus on this list, I hope it is
appropriate here.
XML-schemas are used to...
|
by: lllomh |
last post by:
Define the method first
this.state = {
buttonBackgroundColor: 'green',
isBlinking: false, // A new status is added to identify whether the button is blinking or not
}
autoStart=()=>{
|
by: Aliciasmith |
last post by:
In an age dominated by smartphones, having a mobile app for your business is no longer an option; it's a necessity. Whether you're a startup or an established enterprise, finding the right mobile app...
|
by: tracyyun |
last post by:
Hello everyone,
I have a question and would like some advice on network connectivity. I have one computer connected to my router via WiFi, but I have two other computers that I want to be able to...
|
by: NeoPa |
last post by:
Hello everyone.
I find myself stuck trying to find the VBA way to get Access to create a PDF of the currently-selected (and open) object (Form or Report).
I know it can be done by selecting :...
|
by: NeoPa |
last post by:
Introduction
For this article I'll be using a very simple database which has Form (clsForm) & Report (clsReport) classes that simply handle making the calling Form invisible until the Form, or all...
|
by: Teri B |
last post by:
Hi, I have created a sub-form Roles. In my course form the user selects the roles assigned to the course.
0ne-to-many. One course many roles.
Then I created a report based on the Course form and...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 1 Nov 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM)
Please note that the UK and Europe revert to winter time on...
|
by: NeoPa |
last post by:
Introduction
For this article I'll be focusing on the Report (clsReport) class. This simply handles making the calling Form invisible until all of the Reports opened by it have been closed, when it...
|
by: isladogs |
last post by:
The next online meeting of the Access Europe User Group will be on Wednesday 6 Dec 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM).
In this month's session, Mike...
| |