.NET has a very well designed authentication and authorization
infrastructure. It is all based off of the IIdentity and IPrincipal
interfaces. I would start looking at them. There are GenericIdentity and
GenericPrincipal classes already built that you can use or you can create
your own classes that implement the interfaces and create your own.

Just as in ASP.NET, you will have to build your own login form. There you
will need to establish the objects and tie them to the thread
(Thread.CurrentPrincipal = yourPrincipalObject). Then you can check the
roles (Thread.CurrentPrincipal.IsInRole("xxx")) to determine the
functionality that will execute or look at the PrincipalPermissionAttribute
for locking down whole methods and classes.

As far as encryption, passwords are normally encrypted with a one-way
function. Have a look at the SHA1Managed class for that. You can do
reversible encryption as well, but that is quite a bit more in depth and not
recommended for passwords anyways.
--
Eric Marvets
Principal Consultant
the bang project
<shameless self promotion>
Email
sa***@bangproject.com for Information on Our Architecture and
Mentoring Services
</shameless self promotion>
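
The flow described in the post above, as an added example that is not part of the original message: a login routine that verifies a one-way password hash, ties a GenericPrincipal to the thread, and then gates work with IsInRole and PrincipalPermissionAttribute. It assumes .NET Framework 4.7.2 or later, swaps in salted PBKDF2 (Rfc2898DeriveBytes) where the post points at a bare SHA1Managed digest, and the names LoginDemo, Login, DeleteAllRecords, the account and the roles are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Cryptography;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;
static class LoginDemo
{
    const int Iterations = 100000;   // assumed work factor; tune for your hardware
    // One-way, salted, iterated hash (PBKDF2) used here instead of a bare SHA1Managed digest.
    static byte[] HashPassword(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }

    // Compare without returning early on the first differing byte.
    static bool SameBytes(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // What the login form's OK handler would call (hypothetical helper).
    static bool Login(string user, string password, byte[] salt, byte[] storedHash, string[] roles)
    {
        if (!SameBytes(HashPassword(password, salt), storedHash)) return false;
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user), roles);
        return true;
    }

    // Declarative lock-down: the runtime demands the Admin role on entry.
    [PrincipalPermission(SecurityAction.Demand, Role = "Admin")]
    static void DeleteAllRecords() { Console.WriteLine("admin-only work done"); }
    static void Main()
    {
        // Constructed account record standing in for a row in a user store.
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        byte[] stored = HashPassword("correct horse", salt);
        Console.WriteLine(Login("alice", "wrong guess", salt, stored, new[] { "User" }));
        Console.WriteLine(Login("alice", "correct horse", salt, stored, new[] { "User" }));
        Console.WriteLine(Thread.CurrentPrincipal.IsInRole("Admin"));
        try { DeleteAllRecords(); }
        catch (SecurityException) { Console.WriteLine("denied: caller is not in Admin"); }
    }
}
```

Store the salt and iteration count next to the hash so the work factor can be raised later without invalidating existing accounts.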