Custom Authentication

Discussion in 'ASP .Net Security' started by SirPyros, Apr 4, 2005.

  1. SirPyros

    SirPyros Guest

    I am implementing some custom authentication for an intranet app I am
    building for my company. It is all done and working but I was wondering
    if anyone knows if there are any downsides in terms of speed and
    scalability in making your own authentication. Obviously if it is badly
    coded you will have perfomance issues but if anyone knows of any common
    pitfalls or any information they can share on the matter it will be
    greatly appreciated.
     
    SirPyros, Apr 4, 2005
    #1
    1. Advertising

  2. SirPyros

    Shaun Wilde Guest

    Can you explain more about your custom authentication?

    Do you mean username and password? or something else?

    Shaun

    "SirPyros" wrote:

    > I am implementing some custom authentication for an intranet app I am
    > building for my company. It is all done and working but I was wondering
    > if anyone knows if there are any downsides in terms of speed and
    > scalability in making your own authentication. Obviously if it is badly
    > coded you will have perfomance issues but if anyone knows of any common
    > pitfalls or any information they can share on the matter it will be
    > greatly appreciated.
    >
    >
     
    Shaun Wilde, Apr 6, 2005
    #2
    1. Advertising

  3. SirPyros

    SirPyros Guest

    its an ihttp module which handles the authenticaterequest event. It's
    similar to forms authentication, but I added better role checking, and
    the permissions don't have to be in the web.config, I populate a class
    with all of my page permissions and load it into application variable.
    Then when user tries to go to a page it sees if page is restricted , if
    it is it checks if user is authenticated and then checks if the user
    belongs to a role that can access this page.
     
    SirPyros, Apr 6, 2005
    #3
  4. SirPyros

    Shaun Wilde Guest

    It sounds similar to what we do where I get the users permissions from the
    database

    and is also similar to the samples presented by IBuySpy and dotnetnuke

    we build the permissions and then use the IsInRole method of a class whose
    name escapes me at the moment


    "SirPyros" <> wrote in message
    news:...
    > its an ihttp module which handles the authenticaterequest event. It's
    > similar to forms authentication, but I added better role checking, and
    > the permissions don't have to be in the web.config, I populate a class
    > with all of my page permissions and load it into application variable.
    > Then when user tries to go to a page it sees if page is restricted , if
    > it is it checks if user is authenticated and then checks if the user
    > belongs to a role that can access this page.
    >
     
    Shaun Wilde, Apr 7, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andrew Connell
    Replies:
    1
    Views:
    556
    Natty Gur
    Oct 21, 2003
  2. raj mandadi
    Replies:
    0
    Views:
    441
    raj mandadi
    Dec 22, 2003
  3. Brett Porter
    Replies:
    2
    Views:
    789
    Andrea D'Onofrio [MSFT]
    Jan 20, 2004
  4. Mark
    Replies:
    0
    Views:
    691
  5. Brett Porter
    Replies:
    5
    Views:
    597
    Brett Porter
    Feb 3, 2004
Loading...

Share This Page