best practice asp.net 2.0 approach for includes

Discussion in 'ASP .Net' started by Ned Balzer, Jul 20, 2006.

  1. Ned Balzer

    Ned Balzer Guest

    Hi all,

    I am pretty new to asp.net; I've done lots of classic asp, but am just
    beginning to get my mind wrapped around .net.

    What I'd like to do is include some code that tests if a user is logged
    in, on each and every page, and redirects the user to a login page if
    s/he's not logged in. The login page will also take care of some
    standard setup, such as choosing/populating a user profile. I used to
    use <!-- #include ... --> for this, but I understand that's not the way
    to do it in .net.

    I am not interested in using the .net 2.0 login controls, because our
    university already has some standard tools for authentication against
    university-wide (non-Microsoft) LDAP.

    What is the best practice approach for this? I've read various threads
    on this forum about .ascx user controls. I think I want to override
    page_load() -- is that correct? But the page_load() subroutine will
    also often need to perform some page-specific tasks. Is there an
    approach that uses master pages?

    It seems like one of those cases where there are a hundred ways to do
    something, but various ways may have some advantages or disadvantages.

    Thanks for any helpful advice.

    -- Ned
     
    Ned Balzer, Jul 20, 2006
    #1
    1. Advertising

  2. Then you shouldn't have titled the thread best practice. Best
    practice/correctness recommends you use the provided login controls over
    your home grown remedies.

    --
    ________________________
    Warm regards,
    Alvin Bruney [MVP ASP.NET]

    [Shameless Author plug]
    Professional VSTO.NET - Wrox/Wiley
    The O.W.C. Black Book with .NET
    www.lulu.com/owc, Amazon
    Blog: http://www.msmvps.com/blogs/alvin
    -------------------------------------------------------


    "Ned Balzer" <> wrote in message
    news:...
    > Hi all,
    >
    > I am pretty new to asp.net; I've done lots of classic asp, but am just
    > beginning to get my mind wrapped around .net.
    >
    > What I'd like to do is include some code that tests if a user is logged
    > in, on each and every page, and redirects the user to a login page if
    > s/he's not logged in. The login page will also take care of some
    > standard setup, such as choosing/populating a user profile. I used to
    > use <!-- #include ... --> for this, but I understand that's not the way
    > to do it in .net.
    >
    > I am not interested in using the .net 2.0 login controls, because our
    > university already has some standard tools for authentication against
    > university-wide (non-Microsoft) LDAP.
    >
    > What is the best practice approach for this? I've read various threads
    > on this forum about .ascx user controls. I think I want to override
    > page_load() -- is that correct? But the page_load() subroutine will
    > also often need to perform some page-specific tasks. Is there an
    > approach that uses master pages?
    >
    > It seems like one of those cases where there are a hundred ways to do
    > something, but various ways may have some advantages or disadvantages.
    >
    > Thanks for any helpful advice.
    >
    > -- Ned
    >
     
    Alvin Bruney [MVP], Jul 21, 2006
    #2
    1. Advertising

  3. Ned Balzer

    Ned Balzer Guest

    I titled my post best practices because I want to know what the best
    practices are, given my situation. Maybe I'm wrong, and the asp.net
    login controls would work against an external LDAP -- if so, please
    correct me.

    Does anyone else have any advice that is actually helpful? I would
    genuinely appreciate it.

    -- Ned
    Alvin Bruney [MVP] wrote:
    > Then you shouldn't have titled the thread best practice. Best
    > practice/correctness recommends you use the provided login controls over
    > your home grown remedies.
    >
    > --
    > ________________________
    > Warm regards,
    > Alvin Bruney [MVP ASP.NET]
    >
    > [Shameless Author plug]
    > Professional VSTO.NET - Wrox/Wiley
    > The O.W.C. Black Book with .NET
    > www.lulu.com/owc, Amazon
    > Blog: http://www.msmvps.com/blogs/alvin
    > -------------------------------------------------------
    >
    >
    > "Ned Balzer" <> wrote in message
    > news:...
    > > Hi all,
    > >
    > > I am pretty new to asp.net; I've done lots of classic asp, but am just
    > > beginning to get my mind wrapped around .net.
    > >
    > > What I'd like to do is include some code that tests if a user is logged
    > > in, on each and every page, and redirects the user to a login page if
    > > s/he's not logged in. The login page will also take care of some
    > > standard setup, such as choosing/populating a user profile. I used to
    > > use <!-- #include ... --> for this, but I understand that's not the way
    > > to do it in .net.
    > >
    > > I am not interested in using the .net 2.0 login controls, because our
    > > university already has some standard tools for authentication against
    > > university-wide (non-Microsoft) LDAP.
    > >
    > > What is the best practice approach for this? I've read various threads
    > > on this forum about .ascx user controls. I think I want to override
    > > page_load() -- is that correct? But the page_load() subroutine will
    > > also often need to perform some page-specific tasks. Is there an
    > > approach that uses master pages?
    > >
    > > It seems like one of those cases where there are a hundred ways to do
    > > something, but various ways may have some advantages or disadvantages.
    > >
    > > Thanks for any helpful advice.
    > >
    > > -- Ned
    > >
     
    Ned Balzer, Jul 21, 2006
    #3
  4. Ned Balzer

    Paul Guest

    I'm sure you could get the ASP.NET2.0 login controls to work with an
    external LDAP because they are developed using providers, which you can
    extend / override with your own versions (which would be able to communicate
    with the external LDAP).

    However, I was originally won over by this security model when I read up on
    the changes in 2.0. Using them in one project, but then an additional
    requirement to implement some functionality in a windows application came
    up. At that point it appeared to me that Microsoft had broken another best
    practise. These membership providers seem fairly tightly coupled into
    ASP.NET, requiring another security implementation for windows forms. I
    would have thought m/s should have provided security base classes that were
    independant of application type, then UI classes in both windows and web
    that use these base providers. Maybe that wouldn't be possible, or I've
    missed how easy it would be to include my own version of this - but it
    seemed a short coming to me at the time.

    Hope that helps,

    - Paul.

    "Ned Balzer" <> wrote in message
    news:...
    >I titled my post best practices because I want to know what the best
    > practices are, given my situation. Maybe I'm wrong, and the asp.net
    > login controls would work against an external LDAP -- if so, please
    > correct me.
    >
    > Does anyone else have any advice that is actually helpful? I would
    > genuinely appreciate it.
    >
    > -- Ned
    > Alvin Bruney [MVP] wrote:
    >> Then you shouldn't have titled the thread best practice. Best
    >> practice/correctness recommends you use the provided login controls over
    >> your home grown remedies.
    >>
    >> --
    >> ________________________
    >> Warm regards,
    >> Alvin Bruney [MVP ASP.NET]
    >>
    >> [Shameless Author plug]
    >> Professional VSTO.NET - Wrox/Wiley
    >> The O.W.C. Black Book with .NET
    >> www.lulu.com/owc, Amazon
    >> Blog: http://www.msmvps.com/blogs/alvin
    >> -------------------------------------------------------
    >>
    >>
    >> "Ned Balzer" <> wrote in message
    >> news:...
    >> > Hi all,
    >> >
    >> > I am pretty new to asp.net; I've done lots of classic asp, but am just
    >> > beginning to get my mind wrapped around .net.
    >> >
    >> > What I'd like to do is include some code that tests if a user is logged
    >> > in, on each and every page, and redirects the user to a login page if
    >> > s/he's not logged in. The login page will also take care of some
    >> > standard setup, such as choosing/populating a user profile. I used to
    >> > use <!-- #include ... --> for this, but I understand that's not the way
    >> > to do it in .net.
    >> >
    >> > I am not interested in using the .net 2.0 login controls, because our
    >> > university already has some standard tools for authentication against
    >> > university-wide (non-Microsoft) LDAP.
    >> >
    >> > What is the best practice approach for this? I've read various threads
    >> > on this forum about .ascx user controls. I think I want to override
    >> > page_load() -- is that correct? But the page_load() subroutine will
    >> > also often need to perform some page-specific tasks. Is there an
    >> > approach that uses master pages?
    >> >
    >> > It seems like one of those cases where there are a hundred ways to do
    >> > something, but various ways may have some advantages or disadvantages.
    >> >
    >> > Thanks for any helpful advice.
    >> >
    >> > -- Ned
    >> >

    >
     
    Paul, Jul 21, 2006
    #4
  5. Ned,

    There is nothing wrong with building your own custom user authentication
    into the application. I have been doing it for years I'm my web apps. The
    downside is that you will have more code to write to make it truly secure.

    Instead of using includes, make use of Master Pages in ASP.Net 2.0. You can
    have a master page that contains general content that is used across the site
    (navigation, header, footer, etc). This master page can also server as the
    place for you validation routine.

    If you do not require validation across the entire site, know that you can
    have more than one master page (apparently they can even be nested).

    If master pages does not work for you. The next best solution might be to
    create a User Control (similar to Scriplets in classic ASP). In this case,
    you would place the validation routine in the user control and then embed the
    user control into any pages that require authentication.

    Best of luck,
    --
    Steven Land


    "Ned Balzer" wrote:

    > I titled my post best practices because I want to know what the best
    > practices are, given my situation. Maybe I'm wrong, and the asp.net
    > login controls would work against an external LDAP -- if so, please
    > correct me.
    >
    > Does anyone else have any advice that is actually helpful? I would
    > genuinely appreciate it.
    >
    > -- Ned
    > Alvin Bruney [MVP] wrote:
    > > Then you shouldn't have titled the thread best practice. Best
    > > practice/correctness recommends you use the provided login controls over
    > > your home grown remedies.
    > >
    > > --
    > > ________________________
    > > Warm regards,
    > > Alvin Bruney [MVP ASP.NET]
    > >
    > > [Shameless Author plug]
    > > Professional VSTO.NET - Wrox/Wiley
    > > The O.W.C. Black Book with .NET
    > > www.lulu.com/owc, Amazon
    > > Blog: http://www.msmvps.com/blogs/alvin
    > > -------------------------------------------------------
    > >
    > >
    > > "Ned Balzer" <> wrote in message
    > > news:...
    > > > Hi all,
    > > >
    > > > I am pretty new to asp.net; I've done lots of classic asp, but am just
    > > > beginning to get my mind wrapped around .net.
    > > >
    > > > What I'd like to do is include some code that tests if a user is logged
    > > > in, on each and every page, and redirects the user to a login page if
    > > > s/he's not logged in. The login page will also take care of some
    > > > standard setup, such as choosing/populating a user profile. I used to
    > > > use <!-- #include ... --> for this, but I understand that's not the way
    > > > to do it in .net.
    > > >
    > > > I am not interested in using the .net 2.0 login controls, because our
    > > > university already has some standard tools for authentication against
    > > > university-wide (non-Microsoft) LDAP.
    > > >
    > > > What is the best practice approach for this? I've read various threads
    > > > on this forum about .ascx user controls. I think I want to override
    > > > page_load() -- is that correct? But the page_load() subroutine will
    > > > also often need to perform some page-specific tasks. Is there an
    > > > approach that uses master pages?
    > > >
    > > > It seems like one of those cases where there are a hundred ways to do
    > > > something, but various ways may have some advantages or disadvantages.
    > > >
    > > > Thanks for any helpful advice.
    > > >
    > > > -- Ned
    > > >

    >
    >
     
    =?Utf-8?B?U3RldmVuIExhbmQ=?=, Jul 21, 2006
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Larry Rekow
    Replies:
    1
    Views:
    515
    Hermit Dave
    Aug 31, 2004
  2. oj
    Replies:
    1
    Views:
    356
    Joe Fallon
    Nov 25, 2004
  3. WJ
    Replies:
    1
    Views:
    351
    Lau Lei Cheong
    Apr 13, 2005
  4. Phil Johnson
    Replies:
    2
    Views:
    737
    Phil Johnson
    Mar 12, 2008
  5. oldyork90
    Replies:
    1
    Views:
    162
    Jeremy J Starcher
    Sep 10, 2008
Loading...

Share This Page