473,242 Members | 1,461 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,242 software developers and data experts.

Forms Authentication vs MembershipProvider

Having now created a Custom MembershipProvider that seems to work correctly
with my Logon and ChangePassword controls, I am, as they say, a happy bunny.

The next stange is to move on to the creation of content which adjusts based
on the user.

I have several pages which require a user to be logged on and several which
do not. Prior to this point in time I have used 2 different master pages.
one with a control which checks a session variable to determine logged on
or not and another which does not.

Each page is pointed at the correct master page and away you go.

I have heard of forms authentication and the little I have read leads me
to believe that I could rearrange my pages in a hierarchy so that pages requiring
authentication were in one folder and pages not requiring authentication
were in another.

Can someone tell me...

1.what is the relationship between Forms Authentication and the Provider
model I am using?
2.Does Membership replace Authentication?
3.Does Roles replace Authorisation?
4.Can I use Authorisation with Membership?
5.Does any of what I'm saying make any sense?

Many thanks in advance.

--
Rory
Jul 16 '08 #1
5 3506
Study the LoginView class

"Rory Becker" <ro********@newsgroup.nospamwrote in message
news:3a**************************@news.microsoft.c om...
Having now created a Custom MembershipProvider that seems to work
correctly with my Logon and ChangePassword controls, I am, as they say, a
happy bunny.
The next stange is to move on to the creation of content which adjusts
based on the user.

I have several pages which require a user to be logged on and several
which do not. Prior to this point in time I have used 2 different master
pages. one with a control which checks a session variable to determine
logged on or not and another which does not.

Each page is pointed at the correct master page and away you go.

I have heard of forms authentication and the little I have read leads me
to believe that I could rearrange my pages in a hierarchy so that pages
requiring authentication were in one folder and pages not requiring
authentication were in another.

Can someone tell me...

1.what is the relationship between Forms Authentication and the Provider
model I am using? 2.Does Membership replace Authentication?
3.Does Roles replace Authorisation?
4.Can I use Authorisation with Membership?
5.Does any of what I'm saying make any sense?

Many thanks in advance.

--
Rory

Jul 16 '08 #2
Hi Rory,

First, I'm glad that you've got custom membership provider working, great
progress :)

For the question here, let me confirm my understanding, you have multiple
pages which use membership and authentication, you're wondering how to make
some of those pages require user to logon/authenticated and some other
doesn't (allow unauthenticated/anonymous users), correct?

For Forms authentication and membershp service, they're actually two
separate things. Forms authentication starts at the begining of
ASP.NET(1.0,1.1..), while membership service start from ASP.NET 2.0.
Forms authentication is a authenticaiton schema(like windows
authenticaiton) which is used to provide security authorization (protect
pages or url resource in asp.net app). It can work without using membershp.
And for membership, it is a service which used to help easily build up a
user account system so that we can use standard API to manage user
account(such as validate a useraccount, change or update it .....). You can
also use membershp service without using Forms authentication.

Anyway, they are used together in most cases. Here are some good resource
for you to get more ideas on this.
#Explained: Forms Authentication in ASP.NET 2.0
http://msdn.microsoft.com/en-us/library/aa480476.aspx

#ASP.NET Forms Authentication - Part 1
http://www.ondotnet.com/pub/a/dotnet...rmsauthp1.html

#ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security Resources
http://weblogs.asp.net/scottgu/archi...Membership_2C0
0_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx
Now for the questions here, to make some pages require authetication while
some other not, the ASP.NET forms authentication has built-in support on
this. You can use <locationelement in web.config file to specify the
authorization setting for a particular url (such as a sub folder or a
parituclar page).

#How do I use Forms Authentication for only a portion of my site?
http://www.dnzone.com/ShowDetail.asp?NewsId=60

#location Element (ASP.NET Settings Schema)
http://msdn.microsoft.com/en-us/library/b6x6shw7.aspx

another means is putting different pages into differnt sub directory and
you can put a web.config in sub directory to have its own <authorization>
setting.

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsoft.com.

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>Date: Wed, 16 Jul 2008 16:10:24 +0000 (UTC)
Message-ID: <3a**************************@news.microsoft.com >
From: Rory Becker <ro********@newsgroup.nospam>
Subject: Forms Authentication vs MembershipProvider
>The next stange is to move on to the creation of content which adjusts
based
>on the user.

I have several pages which require a user to be logged on and several
which
>do not. Prior to this point in time I have used 2 different master pages.
one with a control which checks a session variable to determine logged on
or not and another which does not.

Each page is pointed at the correct master page and away you go.

I have heard of forms authentication and the little I have read leads me
to believe that I could rearrange my pages in a hierarchy so that pages
requiring
>authentication were in one folder and pages not requiring authentication
were in another.

Can someone tell me...

1.what is the relationship between Forms Authentication and the Provider
model I am using?
2.Does Membership replace Authentication?
3.Does Roles replace Authorisation?
4.Can I use Authorisation with Membership?
5.Does any of what I'm saying make any sense?

Many thanks in advance.

--
Rory
>
Jul 17 '08 #3
Hi Rory,

Does the information in previous messages help you some or do you still
have any questions about the forms authentication or membership service? If
so, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsoft.com.

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
>From: st*****@online.microsoft.com (Steven Cheng [MSFT])
Organization: Microsoft
Date: Thu, 17 Jul 2008 06:02:22 GMT
Subject: RE: Forms Authentication vs MembershipProvider
>
Hi Rory,

First, I'm glad that you've got custom membership provider working, great
progress :)

For the question here, let me confirm my understanding, you have multiple
pages which use membership and authentication, you're wondering how to
make
>some of those pages require user to logon/authenticated and some other
doesn't (allow unauthenticated/anonymous users), correct?

For Forms authentication and membershp service, they're actually two
separate things. Forms authentication starts at the begining of
ASP.NET(1.0,1.1..), while membership service start from ASP.NET 2.0.
Forms authentication is a authenticaiton schema(like windows
authenticaiton) which is used to provide security authorization (protect
pages or url resource in asp.net app). It can work without using
membershp.
>

And for membership, it is a service which used to help easily build up a
user account system so that we can use standard API to manage user
account(such as validate a useraccount, change or update it .....). You
can
>also use membershp service without using Forms authentication.

Anyway, they are used together in most cases. Here are some good resource
for you to get more ideas on this.
#Explained: Forms Authentication in ASP.NET 2.0
http://msdn.microsoft.com/en-us/library/aa480476.aspx

#ASP.NET Forms Authentication - Part 1
http://www.ondotnet.com/pub/a/dotnet...rmsauthp1.html

#ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security
Resources
>http://weblogs.asp.net/scottgu/archi...-Membership_2C
0
>0_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx
Now for the questions here, to make some pages require authetication while
some other not, the ASP.NET forms authentication has built-in support on
this. You can use <locationelement in web.config file to specify the
authorization setting for a particular url (such as a sub folder or a
parituclar page).

#How do I use Forms Authentication for only a portion of my site?
http://www.dnzone.com/ShowDetail.asp?NewsId=60

#location Element (ASP.NET Settings Schema)
http://msdn.microsoft.com/en-us/library/b6x6shw7.aspx

another means is putting different pages into differnt sub directory and
you can put a web.config in sub directory to have its own <authorization>
setting.

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsoft.com.

================================================= =
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ault.aspx#noti
f
>ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
================================================= =
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>>Date: Wed, 16 Jul 2008 16:10:24 +0000 (UTC)
Message-ID: <3a**************************@news.microsoft.com >
From: Rory Becker <ro********@newsgroup.nospam>
Subject: Forms Authentication vs MembershipProvider
>>The next stange is to move on to the creation of content which adjusts
based
>>on the user.

I have several pages which require a user to be logged on and several
which
>>do not. Prior to this point in time I have used 2 different master pages.
one with a control which checks a session variable to determine logged on
or not and another which does not.

Each page is pointed at the correct master page and away you go.

I have heard of forms authentication and the little I have read leads me
to believe that I could rearrange my pages in a hierarchy so that pages
requiring
>>authentication were in one folder and pages not requiring authentication
were in another.

Can someone tell me...

1.what is the relationship between Forms Authentication and the
Provider
>>model I am using?
2.Does Membership replace Authentication?
3.Does Roles replace Authorisation?
4.Can I use Authorisation with Membership?
5.Does any of what I'm saying make any sense?

Many thanks in advance.

--
Rory
>>

Jul 21 '08 #4
Hello Steven Cheng [MSFT],
Hi Rory,

Does the information in previous messages help you some or do you
still have any questions about the forms authentication or membership
service? If so, please feel free to post here.
Sorry for the delay in responding Steven. Work tends to throw me in different
directions at strange times.

I am currently stuck trying to rearrange our sourcecontrol systems so that
we might suitably branch our source for experimentation in areas such as
this. Hopefully I will be past those issues soon.

Your post has certainly given me food for thought, thanks for that. (No really...
I mean that :) )

Unfortunately it looks like, once again, I am about to be diverted to other
concerns. I will revisit this thread if I have any further questions.

Thanks once again for you help

--
Rory
Jul 21 '08 #5
Thanks for your quick reply Rory,

Sure, no problem. I can understand that it's really hard to manage all the
things when there are so many tasks concurrently. Anyway, please feel free
to post here whenever you continue work on this and need any help.

Good luck!

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsoft.com.

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

--------------------
>Date: Mon, 21 Jul 2008 08:57:44 +0000 (UTC)
Message-ID: <3a**************************@news.microsoft.com >
From: Rory Becker <ro********@newsgroup.nospam>
Subject: RE: Forms Authentication vs MembershipProvider
>
Hello Steven Cheng [MSFT],
>Hi Rory,

Does the information in previous messages help you some or do you
still have any questions about the forms authentication or membership
service? If so, please feel free to post here.

Sorry for the delay in responding Steven. Work tends to throw me in
different
>directions at strange times.

I am currently stuck trying to rearrange our sourcecontrol systems so that
we might suitably branch our source for experimentation in areas such as
this. Hopefully I will be past those issues soon.

Your post has certainly given me food for thought, thanks for that. (No
really...
>I mean that :) )

Unfortunately it looks like, once again, I am about to be diverted to
other
>concerns. I will revisit this thread if I have any further questions.

Thanks once again for you help

--
Rory
>
Jul 21 '08 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
by: Billy Jacobs | last post by:
I have a website which has both secure and non-secure pages. I want to uses forms authentication. How do I accomplish this? Originally I had my web.config file in the root with Forms...
3
by: Kris van der Mast | last post by:
Hi, I've created a little site for my sports club. In the root folder there are pages that are viewable by every anonymous user but at a certain subfolder my administration pages should be...
2
by: Eric | last post by:
I am trying to build an app where the stuff in the root directory is open to all, but anything under the Restricted directory requires you to login and I want to use Forms to do it. I'm having...
0
by: Anonieko Ramos | last post by:
ASP.NET Forms Authentication Best Practices Dr. Dobb's Journal February 2004 Protecting user information is critical By Douglas Reilly Douglas is the author of Designing Microsoft ASP.NET...
5
by: Graham | last post by:
I have created a custom MembershipProvider called "LassieMembershipProvider" that derives from "MembershipProvider". This providor is located in a Businesslogic layer dll called...
2
by: mrajanikrishna | last post by:
Hello friends, I am new to dotNETand familier with classic ASP. I've one doubt regarding users. I am developing an application. In which i want to authenticate users and logged in which is...
8
by: Tomasz | last post by:
Hello Developers! I have an interesting problem using my custom MembershipProvider, RoleProvider and Forms Authentication. Both MembershipProvider and RoleProvider require session state, where...
1
by: Peps | last post by:
Hello, I'm just starting to learn VB.NET and I would like your advice in setting up authentication. I'm trying to build a site that will capture a user's domain credentials and have it check...
3
by: rh.krish | last post by:
I have a typical ASP.NET 2.0 Forms authentication application which authenticates against Active Directory. I use non-persistent cookie so that the user is NOT remembered across browser sessions....
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: fareedcanada | last post by:
Hello I am trying to split number on their count. suppose i have 121314151617 (12cnt) then number should be split like 12,13,14,15,16,17 and if 11314151617 (11cnt) then should be split like...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...
0
by: Aftab Ahmad | last post by:
Hello Experts! I have written a code in MS Access for a cmd called "WhatsApp Message" to open WhatsApp using that very code but the problem is that it gives a popup message everytime I clicked on...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.