Forms Authentication vs MembershipProvider

Study the LoginView class

"Rory Becker" <ro********@newsgroup.nospamwrote in message
news:3a**************************@news.microsoft.c om...

Having now created a Custom MembershipProvider that seems to work
correctly with my Logon and ChangePassword controls, I am, as they say, a
happy bunny.
The next stange is to move on to the creation of content which adjusts
based on the user.

I have several pages which require a user to be logged on and several
which do not. Prior to this point in time I have used 2 different master
pages. one with a control which checks a session variable to determine
logged on or not and another which does not.

Each page is pointed at the correct master page and away you go.

I have heard of forms authentication and the little I have read leads me
to believe that I could rearrange my pages in a hierarchy so that pages
requiring authentication were in one folder and pages not requiring
authentication were in another.

Can someone tell me...

1.what is the relationship between Forms Authentication and the Provider
model I am using? 2.Does Membership replace Authentication?
3.Does Roles replace Authorisation?
4.Can I use Authorisation with Membership?
5.Does any of what I'm saying make any sense?

Many thanks in advance.

--
Rory

Hi Rory,

First, I'm glad that you've got custom membership provider working, great
progress :)

For the question here, let me confirm my understanding, you have multiple
pages which use membership and authentication, you're wondering how to make
some of those pages require user to logon/authenticated and some other
doesn't (allow unauthenticated/anonymous users), correct?

For Forms authentication and membershp service, they're actually two
separate things. Forms authentication starts at the begining of
ASP.NET(1.0,1.1..), while membership service start from ASP.NET 2.0.
Forms authentication is a authenticaiton schema(like windows
authenticaiton) which is used to provide security authorization (protect
pages or url resource in asp.net app). It can work without using membershp.
And for membership, it is a service which used to help easily build up a
user account system so that we can use standard API to manage user
account(such as validate a useraccount, change or update it .....). You can
also use membershp service without using Forms authentication.

Anyway, they are used together in most cases. Here are some good resource
for you to get more ideas on this.
#Explained: Forms Authentication in ASP.NET 2.0
http://msdn.microsoft.com/en-us/library/aa480476.aspx

#ASP.NET Forms Authentication - Part 1
http://www.ondotnet.com/pub/a/dotnet...rmsauthp1.html

#ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security Resources
http://weblogs.asp.net/scottgu/archi...Membership_2C0
0_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx
Now for the questions here, to make some pages require authetication while
some other not, the ASP.NET forms authentication has built-in support on
this. You can use <locationelement in web.config file to specify the
authorization setting for a particular url (such as a sub folder or a
parituclar page).

#How do I use Forms Authentication for only a portion of my site?
http://www.dnzone.com/ShowDetail.asp?NewsId=60

#location Element (ASP.NET Settings Schema)
http://msdn.microsoft.com/en-us/library/b6x6shw7.aspx

another means is putting different pages into differnt sub directory and
you can put a web.config in sub directory to have its own <authorization>
setting.

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsoft.com.

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------

>Date: Wed, 16 Jul 2008 16:10:24 +0000 (UTC)
Message-ID: <3a**************************@news.microsoft.com >
From: Rory Becker <ro********@newsgroup.nospam>
Subject: Forms Authentication vs MembershipProvider

>The next stange is to move on to the creation of content which adjusts

based

>on the user.

I have several pages which require a user to be logged on and several

which

>do not. Prior to this point in time I have used 2 different master pages.
one with a control which checks a session variable to determine logged on
or not and another which does not.

Each page is pointed at the correct master page and away you go.

I have heard of forms authentication and the little I have read leads me
to believe that I could rearrange my pages in a hierarchy so that pages

requiring

>authentication were in one folder and pages not requiring authentication
were in another.

Can someone tell me...

1.what is the relationship between Forms Authentication and the Provider
model I am using?
2.Does Membership replace Authentication?
3.Does Roles replace Authorisation?
4.Can I use Authorisation with Membership?
5.Does any of what I'm saying make any sense?

Many thanks in advance.

--
Rory

>

Hi Rory,

Does the information in previous messages help you some or do you still
have any questions about the forms authentication or membership service? If
so, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsoft.com.

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

>From: st*****@online.microsoft.com (Steven Cheng [MSFT])
Organization: Microsoft
Date: Thu, 17 Jul 2008 06:02:22 GMT
Subject: RE: Forms Authentication vs MembershipProvider

>
Hi Rory,

First, I'm glad that you've got custom membership provider working, great
progress :)

For the question here, let me confirm my understanding, you have multiple
pages which use membership and authentication, you're wondering how to

make

>some of those pages require user to logon/authenticated and some other
doesn't (allow unauthenticated/anonymous users), correct?

For Forms authentication and membershp service, they're actually two
separate things. Forms authentication starts at the begining of
ASP.NET(1.0,1.1..), while membership service start from ASP.NET 2.0.
Forms authentication is a authenticaiton schema(like windows
authenticaiton) which is used to provide security authorization (protect
pages or url resource in asp.net app). It can work without using

membershp.

>

And for membership, it is a service which used to help easily build up a
user account system so that we can use standard API to manage user
account(such as validate a useraccount, change or update it .....). You

can

>also use membershp service without using Forms authentication.

Anyway, they are used together in most cases. Here are some good resource
for you to get more ideas on this.
#Explained: Forms Authentication in ASP.NET 2.0
http://msdn.microsoft.com/en-us/library/aa480476.aspx

#ASP.NET Forms Authentication - Part 1
http://www.ondotnet.com/pub/a/dotnet...rmsauthp1.html

#ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security

Resources

>http://weblogs.asp.net/scottgu/archi...-Membership_2C

0

>0_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx
Now for the questions here, to make some pages require authetication while
some other not, the ASP.NET forms authentication has built-in support on
this. You can use <locationelement in web.config file to specify the
authorization setting for a particular url (such as a sub folder or a
parituclar page).

#How do I use Forms Authentication for only a portion of my site?
http://www.dnzone.com/ShowDetail.asp?NewsId=60

#location Element (ASP.NET Settings Schema)
http://msdn.microsoft.com/en-us/library/b6x6shw7.aspx

another means is putting different pages into differnt sub directory and
you can put a web.config in sub directory to have its own <authorization>
setting.

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsoft.com.

================================================= =
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ault.aspx#noti

f

>ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
================================================= =
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------

>>Date: Wed, 16 Jul 2008 16:10:24 +0000 (UTC)
Message-ID: <3a**************************@news.microsoft.com >
From: Rory Becker <ro********@newsgroup.nospam>
Subject: Forms Authentication vs MembershipProvider

>>The next stange is to move on to the creation of content which adjusts

based

>>on the user.

I have several pages which require a user to be logged on and several

which

>>do not. Prior to this point in time I have used 2 different master pages.
one with a control which checks a session variable to determine logged on
or not and another which does not.

Each page is pointed at the correct master page and away you go.

I have heard of forms authentication and the little I have read leads me
to believe that I could rearrange my pages in a hierarchy so that pages

requiring

>>authentication were in one folder and pages not requiring authentication
were in another.

Can someone tell me...

1.what is the relationship between Forms Authentication and the

Provider

>>model I am using?
2.Does Membership replace Authentication?
3.Does Roles replace Authorisation?
4.Can I use Authorisation with Membership?
5.Does any of what I'm saying make any sense?

Many thanks in advance.

--
Rory

>>

Hello Steven Cheng [MSFT],

Hi Rory,

Does the information in previous messages help you some or do you
still have any questions about the forms authentication or membership
service? If so, please feel free to post here.

Sorry for the delay in responding Steven. Work tends to throw me in different
directions at strange times.

I am currently stuck trying to rearrange our sourcecontrol systems so that
we might suitably branch our source for experimentation in areas such as
this. Hopefully I will be past those issues soon.

Your post has certainly given me food for thought, thanks for that. (No really...
I mean that :) )

Unfortunately it looks like, once again, I am about to be diverted to other
concerns. I will revisit this thread if I have any further questions.

Thanks once again for you help

--
Rory

Thanks for your quick reply Rory,

Sure, no problem. I can understand that it's really hard to manage all the
things when there are so many tasks concurrently. Anyway, please feel free
to post here whenever you continue work on this and need any help.

Good luck!

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsoft.com.

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

--------------------

>Date: Mon, 21 Jul 2008 08:57:44 +0000 (UTC)
Message-ID: <3a**************************@news.microsoft.com >
From: Rory Becker <ro********@newsgroup.nospam>
Subject: RE: Forms Authentication vs MembershipProvider

>
Hello Steven Cheng [MSFT],

>Hi Rory,

Does the information in previous messages help you some or do you
still have any questions about the forms authentication or membership
service? If so, please feel free to post here.

Sorry for the delay in responding Steven. Work tends to throw me in

different

>directions at strange times.

I am currently stuck trying to rearrange our sourcecontrol systems so that
we might suitably branch our source for experimentation in areas such as
this. Hopefully I will be past those issues soon.

Your post has certainly given me food for thought, thanks for that. (No

really...

>I mean that :) )

Unfortunately it looks like, once again, I am about to be diverted to

other

>concerns. I will revisit this thread if I have any further questions.

Thanks once again for you help

--
Rory

>