DotNetNewsgroup.com  
web access to complete list of Microsoft.NET newsgroups
   home   |   control panel login   |   archive  |  
 
  carried group
academic
adonet
aspnet
aspnet.announcements
aspnet.buildingcontrols
aspnet.caching
aspnet.datagridcontrol
aspnet.mobile
aspnet.security
aspnet.webcontrols
aspnet.webservices
assignment_manager
datatools
dotnet.distributed_apps
dotnet.general
dotnet.myservices
dotnet.nternationalization
dotnet.scripting
dotnet.security
dotnet.vjsharp
dotnet.vsa
dotnet.xml
dotnetfaqs
framework
framework.clr
framework.compactframework
framework.component_services
framework.controls
framework.databinding
framework.drawing
framework.enhancements
framework.interop
framework.odbcnet
framework.performance
framework.remoting
framework.sdk
framework.setup
framework.webservices
framework.windowsforms
framework.wmi
frwk.windowsforms.designtime
lang.csharp
lang.jscript
lang.vb
lang.vb.controls
lang.vb.data
lang.vb.upgrade
lang.vc
lang.vc.libraries
  
 
start date: Mon, 25 Jun 2007 17:51:29 -0700,    posted on: microsoft.public.dotnet.framework.aspnet.security        back       

Thread Index
  1    GaryDean am
          2    Dominick Baier


High Level Question    
I'm trying to decide if we should use the ASP.Net 2.0 authentications tools 
or role-our-own forms authentication as we always did (with little work) in 
1.1 apps.  what I'm afraid of is that we will get stuck on a cul-de-sac as 
we sometimes do using those "no code required" tools.

I see I can define users and roles and access to folders but can I add my 
own data about the users - for instance I would certainly need their 
employee number or maybe other things about them such a which fields they 
can see on the payroll file.  Can I do this?  Is this what Profiles are for?

Are there any gotchas in these tools? ( I know there are no gottchas in the 
role-our-own solution).

Thanks,
Gary Blakely
Date:Mon, 25 Jun 2007 17:51:29 -0700   Author:  

Re: High Level Question    
That's an excellent question!

The one important point here is - membership is not made for extensibility. 
If the membership feature does 100% what you need - go for it. If not - there 
is no point in doing providers for providers sake.

You cannot add additional data to the memership table (at least not in a 
clean way) - that's what profile is for.

That said - another fact is that MS is integrating membership/roles into 
a couple of products (WCF, IIS7, Sharepoint) - and if you plan to use them 
in the future - you can easily integrate your auth logic...

I would say if you have a working implementation already think about two 
things

a) just use what you have (and works)
b) write a thin wrapper around some of your existing functionality using 
membership/roles - just enough to enable RAD tools and reuse...


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)


> I'm trying to decide if we should use the ASP.Net 2.0 authentications
> tools or role-our-own forms authentication as we always did (with
> little work) in 1.1 apps.  what I'm afraid of is that we will get
> stuck on a cul-de-sac as we sometimes do using those "no code
> required" tools.
> 
> I see I can define users and roles and access to folders but can I add
> my own data about the users - for instance I would certainly need
> their employee number or maybe other things about them such a which
> fields they can see on the payroll file.  Can I do this?  Is this what
> Profiles are for?
> 
> Are there any gotchas in these tools? ( I know there are no gottchas
> in the role-our-own solution).
> 
> Thanks,
> Gary Blakely
Date:Tue, 26 Jun 2007 04:53:13 +0000 (UTC)   Author:  

Google
 
Web dotnetnewsgroup.com


COPYRIGHT ?2005, EUROFRONT WORLDWIDE LTD., ALL RIGHT RESERVE  |   Contact us