473,473 Members | 1,854 Online

Sign in
Join

Home Posts Topics Members FAQ

Question about membership/security

I am creating an ASP.NET 2.0 website. Rather than using all the membership
functions I wanted to just create my own SQL Server db and use SESSION vars
to track if the user is logged in etc...

Is doing it in this way just as secure? I know that the "membership" stuff
will save me some coding, but I was just thinking....

Thanks.

Jun 27 '08 #1

Subscribe Reply

1

931

Cowboy \(Gregory A. Beamer\)

"Cirene" <ci****@nowhere.comwrote in message
news:e6**************@TK2MSFTNGP03.phx.gbl...

>I am creating an ASP.NET 2.0 website. Rather than using all the membership
functions I wanted to just create my own SQL Server db and use SESSION vars
to track if the user is logged in etc...

If you have a custom database schema you wish to use, you can still use
Membership. Just create your own custom provider.

Is doing it in this way just as secure?

The Session stuff is encrypted, so it should be secure enough. The
Membership bits still send encrypted information to the client, so it is
probably pretty equivalent.

I know that the "membership" stuff will save me some coding, but I was
just thinking....

A lot of coding. A lot of missed bugs. Etc.

Before rewriting the entire authentication system, I would look at creating
your own custom provider.
http://www.devx.com/asp/Article/29256
http://www.15seconds.com/issue/050216.htm

Google "Custom Membership Provider" and you should find a lot of additional
articles.

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://gregorybeamer.spaces.live.com/lists/feed.rss

or just read it:
http://gregorybeamer.spaces.live.com/

*************************************************
| Think outside the box!
|
*************************************************

Jun 27 '08 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

<asp:PasswordRecovery -- remove security question

by: David R. | last post by:

Is there a way to remove the security question step from the Password Recovery control? i.e. I just want the user to enter the username and have the password emailed to him immediately. No need...

Disabling ASP.net 2.0 Membership

by: Paul Keegstra | last post by:

Hi, I am currently working on an asp.net 2.0 web site that is a replacement of a classic asp web site. The current web site uses a Commerce Server 2002 database for storing user information. ...

MemberShip Question

by: Pony Tsui | last post by:

I was install the starter kits CLUB, and created a CLUB WEB SITE, this application use the MemberInfo table in club.mdf to store the membership'data, but i can not find out where to define or...

How to Change Membership provider during runtime

by: Balaji | last post by:

Hi All, Can I use more than one membership provider for a given website? I understand only one of them could be default one. If yes, then how to programmatically access the other membership...

Dynamic Membership Provider

by: ryan.mclean | last post by:

Hello everyone, I am wondering, can the membership provider be changed at runtime? Perhaps the connectionStringName? I would like to use a different database based on the server the site is...

This Membership Provider has not been configured to support password retrieval.

by: Ben | last post by:

Hi, When an anonymous user has created an new account (with the CreateUserWizard control), i want to let asp.net generate a password and to send it to the address of the email provided by the...

A definitely weird thing with Sql Membership Provider

by: drjack | last post by:

Recently I developed a website using asp.net and SQL Express. The database file is uploaded into App_Data folder. The website is using two membership providers, one is SqlMemership provider with...

How to remove Security Question and Security Answer from membership provider?

by: vincent90152900 | last post by:

How to remove Security Question and Security Answer from membership provider? Following is my codes. Please tell me how to remove Question and Answer from membership provider. Thank you for...

Membership permissions after publishing an ASP.NET Membership site.

by: Tino Donderwinkel | last post by:

Hi all, I have create a simple ASP.NET site that uses the ASP.NET Membership components. It uses a SQL Server as a provider. The application works fine when it's running on my own machine. ...

Adding security question/answer check to ASP.NET *ChangePassword* control

by: Ken Fine | last post by:

I want to add the security question and answer security feature to the ChangePassword control. I am aware that this functionality is built into the PasswordRecovery tool. I have implemented the...

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap

Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us