Converting from asp to asp.net / security

D

Dave

Hi, Im considering converting a legacy application from asp to aspx (vb) -
just for the purpose of learning (Im new at .net, but experienced at
vbscript)

What I need to get my head around, is page security.
Currently this app has a database login which sets session values for
username etc

Pages within this web are then protected by the usual "If
session("loggedin") = true then..." kind of code.

I can continue the same sort of logic with an aspx page, but should I?
Is there a better / more efficient way to take the users existing database
login and use it for page access? Use the web.config file as well / instead
of?
What would be the best practice to do that ?

Thanks!
 
G

Guest

With .NET, you can do one of two things:

1. Set the application up as secure and exclude specific pages from a login
2. Set the application up as insecure and force the user to log in for
specific pages

In addition, config files cascade, so you can set up specific locations as
secure by either creating applications under your main application or setting
up .config files for specific directories.

Bearing this in mind, it is as easy as setting up a authentication method
and forcing users to authenticate to avoid the session("logged_in") check. It
takes a few seconds in the web.config file to set this up and you gain a
benefit hard (or perhaps harder) to achieve in ASP: The user can bookmark a
specific page and be thrown to login, then redirected back to the page
(without any code on your part).

The biggest, largely unspoken, caveat is you should have a page called
default.aspx in your application for people who bookmark the login page.
Otherwise, it has nowhere to redirect and goes to a hard-coded default.aspx,
causing an error.

---

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************
 
D

Dave

Thanks Gregory,
How would that relate to my situation of an existing database of 1000+
users?
The database would need to remain, and the users login.
Im just still not to sure what happens next :)

Forms authentication in the config file would accomodate this and then
wouldnt require me adding further protection to my converted asp pages?
(other than removing the existing protection :)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

converting ASP.Net session type to an ASP one 2
asp.net sqlmembershipprovider integrated security 1
Converting ASP.NET Page from VB to C# 5
security... 0
Converting asp to aspx encoding problem 0
asp.net 2. 0 security 2
winform security: strange error, where as I expected a redirect 2
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2

Members online

No members online now.
Total: 44 (members: 2, guests: 42)
Robots: 77

Forum statistics

Threads
473,754
Messages
2,569,521
Members
44,995
Latest member
PinupduzSap

Latest Threads

Top