472,958 Members | 1,475 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,958 software developers and data experts.

best practice asp.net 2.0 approach for includes

Hi all,

I am pretty new to asp.net; I've done lots of classic asp, but am just
beginning to get my mind wrapped around .net.

What I'd like to do is include some code that tests if a user is logged
in, on each and every page, and redirects the user to a login page if
s/he's not logged in. The login page will also take care of some
standard setup, such as choosing/populating a user profile. I used to
use <!-- #include ... --for this, but I understand that's not the way
to do it in .net.

I am not interested in using the .net 2.0 login controls, because our
university already has some standard tools for authentication against
university-wide (non-Microsoft) LDAP.

What is the best practice approach for this? I've read various threads
on this forum about .ascx user controls. I think I want to override
page_load() -- is that correct? But the page_load() subroutine will
also often need to perform some page-specific tasks. Is there an
approach that uses master pages?

It seems like one of those cases where there are a hundred ways to do
something, but various ways may have some advantages or disadvantages.

Thanks for any helpful advice.

-- Ned

Jul 20 '06 #1
4 1792
Then you shouldn't have titled the thread best practice. Best
practice/correctness recommends you use the provided login controls over
your home grown remedies.

--
________________________
Warm regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
Professional VSTO.NET - Wrox/Wiley
The O.W.C. Black Book with .NET
www.lulu.com/owc, Amazon
Blog: http://www.msmvps.com/blogs/alvin
-------------------------------------------------------
"Ned Balzer" <ne********@gmail.comwrote in message
news:11**********************@m73g2000cwd.googlegr oups.com...
Hi all,

I am pretty new to asp.net; I've done lots of classic asp, but am just
beginning to get my mind wrapped around .net.

What I'd like to do is include some code that tests if a user is logged
in, on each and every page, and redirects the user to a login page if
s/he's not logged in. The login page will also take care of some
standard setup, such as choosing/populating a user profile. I used to
use <!-- #include ... --for this, but I understand that's not the way
to do it in .net.

I am not interested in using the .net 2.0 login controls, because our
university already has some standard tools for authentication against
university-wide (non-Microsoft) LDAP.

What is the best practice approach for this? I've read various threads
on this forum about .ascx user controls. I think I want to override
page_load() -- is that correct? But the page_load() subroutine will
also often need to perform some page-specific tasks. Is there an
approach that uses master pages?

It seems like one of those cases where there are a hundred ways to do
something, but various ways may have some advantages or disadvantages.

Thanks for any helpful advice.

-- Ned

Jul 21 '06 #2
I titled my post best practices because I want to know what the best
practices are, given my situation. Maybe I'm wrong, and the asp.net
login controls would work against an external LDAP -- if so, please
correct me.

Does anyone else have any advice that is actually helpful? I would
genuinely appreciate it.

-- Ned
Alvin Bruney [MVP] wrote:
Then you shouldn't have titled the thread best practice. Best
practice/correctness recommends you use the provided login controls over
your home grown remedies.

--
________________________
Warm regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
Professional VSTO.NET - Wrox/Wiley
The O.W.C. Black Book with .NET
www.lulu.com/owc, Amazon
Blog: http://www.msmvps.com/blogs/alvin
-------------------------------------------------------
"Ned Balzer" <ne********@gmail.comwrote in message
news:11**********************@m73g2000cwd.googlegr oups.com...
Hi all,

I am pretty new to asp.net; I've done lots of classic asp, but am just
beginning to get my mind wrapped around .net.

What I'd like to do is include some code that tests if a user is logged
in, on each and every page, and redirects the user to a login page if
s/he's not logged in. The login page will also take care of some
standard setup, such as choosing/populating a user profile. I used to
use <!-- #include ... --for this, but I understand that's not the way
to do it in .net.

I am not interested in using the .net 2.0 login controls, because our
university already has some standard tools for authentication against
university-wide (non-Microsoft) LDAP.

What is the best practice approach for this? I've read various threads
on this forum about .ascx user controls. I think I want to override
page_load() -- is that correct? But the page_load() subroutine will
also often need to perform some page-specific tasks. Is there an
approach that uses master pages?

It seems like one of those cases where there are a hundred ways to do
something, but various ways may have some advantages or disadvantages.

Thanks for any helpful advice.

-- Ned
Jul 21 '06 #3
I'm sure you could get the ASP.NET2.0 login controls to work with an
external LDAP because they are developed using providers, which you can
extend / override with your own versions (which would be able to communicate
with the external LDAP).

However, I was originally won over by this security model when I read up on
the changes in 2.0. Using them in one project, but then an additional
requirement to implement some functionality in a windows application came
up. At that point it appeared to me that Microsoft had broken another best
practise. These membership providers seem fairly tightly coupled into
ASP.NET, requiring another security implementation for windows forms. I
would have thought m/s should have provided security base classes that were
independant of application type, then UI classes in both windows and web
that use these base providers. Maybe that wouldn't be possible, or I've
missed how easy it would be to include my own version of this - but it
seemed a short coming to me at the time.

Hope that helps,

- Paul.

"Ned Balzer" <ne********@gmail.comwrote in message
news:11*********************@h48g2000cwc.googlegro ups.com...
>I titled my post best practices because I want to know what the best
practices are, given my situation. Maybe I'm wrong, and the asp.net
login controls would work against an external LDAP -- if so, please
correct me.

Does anyone else have any advice that is actually helpful? I would
genuinely appreciate it.

-- Ned
Alvin Bruney [MVP] wrote:
>Then you shouldn't have titled the thread best practice. Best
practice/correctness recommends you use the provided login controls over
your home grown remedies.

--
________________________
Warm regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
Professional VSTO.NET - Wrox/Wiley
The O.W.C. Black Book with .NET
www.lulu.com/owc, Amazon
Blog: http://www.msmvps.com/blogs/alvin
-------------------------------------------------------
"Ned Balzer" <ne********@gmail.comwrote in message
news:11**********************@m73g2000cwd.googleg roups.com...
Hi all,

I am pretty new to asp.net; I've done lots of classic asp, but am just
beginning to get my mind wrapped around .net.

What I'd like to do is include some code that tests if a user is logged
in, on each and every page, and redirects the user to a login page if
s/he's not logged in. The login page will also take care of some
standard setup, such as choosing/populating a user profile. I used to
use <!-- #include ... --for this, but I understand that's not the way
to do it in .net.

I am not interested in using the .net 2.0 login controls, because our
university already has some standard tools for authentication against
university-wide (non-Microsoft) LDAP.

What is the best practice approach for this? I've read various threads
on this forum about .ascx user controls. I think I want to override
page_load() -- is that correct? But the page_load() subroutine will
also often need to perform some page-specific tasks. Is there an
approach that uses master pages?

It seems like one of those cases where there are a hundred ways to do
something, but various ways may have some advantages or disadvantages.

Thanks for any helpful advice.

-- Ned

Jul 21 '06 #4
Ned,

There is nothing wrong with building your own custom user authentication
into the application. I have been doing it for years I'm my web apps. The
downside is that you will have more code to write to make it truly secure.

Instead of using includes, make use of Master Pages in ASP.Net 2.0. You can
have a master page that contains general content that is used across the site
(navigation, header, footer, etc). This master page can also server as the
place for you validation routine.

If you do not require validation across the entire site, know that you can
have more than one master page (apparently they can even be nested).

If master pages does not work for you. The next best solution might be to
create a User Control (similar to Scriplets in classic ASP). In this case,
you would place the validation routine in the user control and then embed the
user control into any pages that require authentication.

Best of luck,
--
Steven Land
"Ned Balzer" wrote:
I titled my post best practices because I want to know what the best
practices are, given my situation. Maybe I'm wrong, and the asp.net
login controls would work against an external LDAP -- if so, please
correct me.

Does anyone else have any advice that is actually helpful? I would
genuinely appreciate it.

-- Ned
Alvin Bruney [MVP] wrote:
Then you shouldn't have titled the thread best practice. Best
practice/correctness recommends you use the provided login controls over
your home grown remedies.

--
________________________
Warm regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
Professional VSTO.NET - Wrox/Wiley
The O.W.C. Black Book with .NET
www.lulu.com/owc, Amazon
Blog: http://www.msmvps.com/blogs/alvin
-------------------------------------------------------
"Ned Balzer" <ne********@gmail.comwrote in message
news:11**********************@m73g2000cwd.googlegr oups.com...
Hi all,
>
I am pretty new to asp.net; I've done lots of classic asp, but am just
beginning to get my mind wrapped around .net.
>
What I'd like to do is include some code that tests if a user is logged
in, on each and every page, and redirects the user to a login page if
s/he's not logged in. The login page will also take care of some
standard setup, such as choosing/populating a user profile. I used to
use <!-- #include ... --for this, but I understand that's not the way
to do it in .net.
>
I am not interested in using the .net 2.0 login controls, because our
university already has some standard tools for authentication against
university-wide (non-Microsoft) LDAP.
>
What is the best practice approach for this? I've read various threads
on this forum about .ascx user controls. I think I want to override
page_load() -- is that correct? But the page_load() subroutine will
also often need to perform some page-specific tasks. Is there an
approach that uses master pages?
>
It seems like one of those cases where there are a hundred ways to do
something, but various ways may have some advantages or disadvantages.
>
Thanks for any helpful advice.
>
-- Ned
>

Jul 21 '06 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
by: JStrummer | last post by:
I have a question regarding paths and the include() statement in PHP. I develop in a Windows environment and will be publishing to a Linux server. I would like to do the following: 1. Setup my...
11
by: DrUg13 | last post by:
In java, this seems so easy. You need a new object Object test = new Object() gives me exactly what I want. could someone please help me understand the different ways to do the same thing in...
136
by: Matt Kruse | last post by:
http://www.JavascriptToolbox.com/bestpractices/ I started writing this up as a guide for some people who were looking for general tips on how to do things the 'right way' with Javascript. Their...
10
by: Mike Logan | last post by:
I am using the "contract first" design methodology. Contract First is design the WSDL first then design the server and client. However I must design my XSD/XML Schema before anything. I am...
3
by: Marc Gravell | last post by:
Kind of an open question on best-practice for smart-client design. I'd really appreciate anyones views (preferably with reasoning, but I'll take what I get...). Or if anybody has any useful links...
10
by: Ren | last post by:
Hi All, I'm still rather new at vb.net and would like to know the proper way to access private varibables in a class. Do I access the variable directly or do I use the public property? ...
16
by: Rex | last post by:
Hi All - I have a question that I think MIGHT be of interest to a number of us developers. I am somewhat new to VIsual Studio 2005 but not new to VB. I am looking for ideas about quick and...
2
by: kbutterly | last post by:
All, I have a menu which contains Category as the master and Product as the child. When I click on a Category in the menu, I want one formView control, fvpc, to show, and then when I click on...
5
by: Frank Millman | last post by:
Hi all This is not strictly a Python question, but as I am writing in Python, and as I know there are some XML gurus on this list, I hope it is appropriate here. XML-schemas are used to...
0
by: lllomh | last post by:
Define the method first this.state = { buttonBackgroundColor: 'green', isBlinking: false, // A new status is added to identify whether the button is blinking or not } autoStart=()=>{
0
by: Aliciasmith | last post by:
In an age dominated by smartphones, having a mobile app for your business is no longer an option; it's a necessity. Whether you're a startup or an established enterprise, finding the right mobile app...
0
tracyyun
by: tracyyun | last post by:
Hello everyone, I have a question and would like some advice on network connectivity. I have one computer connected to my router via WiFi, but I have two other computers that I want to be able to...
4
NeoPa
by: NeoPa | last post by:
Hello everyone. I find myself stuck trying to find the VBA way to get Access to create a PDF of the currently-selected (and open) object (Form or Report). I know it can be done by selecting :...
3
NeoPa
by: NeoPa | last post by:
Introduction For this article I'll be using a very simple database which has Form (clsForm) & Report (clsReport) classes that simply handle making the calling Form invisible until the Form, or all...
1
by: Teri B | last post by:
Hi, I have created a sub-form Roles. In my course form the user selects the roles assigned to the course. 0ne-to-many. One course many roles. Then I created a report based on the Course form and...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 1 Nov 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM) Please note that the UK and Europe revert to winter time on...
0
NeoPa
by: NeoPa | last post by:
Introduction For this article I'll be focusing on the Report (clsReport) class. This simply handles making the calling Form invisible until all of the Reports opened by it have been closed, when it...
0
isladogs
by: isladogs | last post by:
The next online meeting of the Access Europe User Group will be on Wednesday 6 Dec 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, Mike...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.