High Level Question

Discussion in 'ASP .Net Security' started by GaryDean, Jun 26, 2007.

  1. GaryDean

    GaryDean Guest

    I'm trying to decide if we should use the ASP.Net 2.0 authentication tools
    or roll-our-own forms authentication as we always did (with little work) in
    1.1 apps. What I'm afraid of is that we will get stuck on a cul-de-sac as
    we sometimes do using those "no code required" tools.

    I see I can define users and roles and access to folders but can I add my
    own data about the users - for instance I would certainly need their
    employee number or maybe other things about them such as which fields they
    can see on the payroll file. Can I do this? Is this what Profiles are for?

    Are there any gotchas in these tools? (I know there are no gotchas in the
    roll-our-own solution).

    Thanks,
    Gary Blakely
     
    GaryDean, Jun 26, 2007
    #1

  2. That's an excellent question!

    The one important point here is - membership is not made for extensibility.
    If the membership feature does 100% what you need - go for it. If not - there
    is no point in doing providers for providers' sake.

    You cannot add additional data to the membership table (at least not in a
    clean way) - that's what profile is for.

    That said - another fact is that MS is integrating membership/roles into
    a couple of products (WCF, IIS7, SharePoint) - and if you plan to use them
    in the future - you can easily integrate your auth logic...

    I would say if you have a working implementation already think about two
    things

    a) just use what you have (and works)
    b) write a thin wrapper around some of your existing functionality using
    membership/roles - just enough to enable RAD tools and reuse...


    -----
    Dominick Baier (http://www.leastprivilege.com)

    Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

     
    Dominick Baier, Jun 26, 2007
    #2
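An added configuration sketch for the setup discussed in this thread (not posted by either participant): extra per-user data such as an employee number is declared as profile properties, while access to a payroll folder is granted through a role. The property names, the `PayrollViewer` role, the `Payroll` folder and `Login.aspx` are assumptions made for illustration.

```xml
<!-- Added example: EmployeeNumber, Department, PayrollViewer, Payroll and
     Login.aspx are assumed names, not taken from the thread. -->
<configuration>
  <system.web>
    <!-- Forms authentication; anonymous users are sent to the login page -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" protection="All" timeout="30" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- Role manager supplies the role names used in the location rule below -->
    <roleManager enabled="true" />

    <!-- Profile holds the extra per-user data instead of the membership table -->
    <profile enabled="true">
      <properties>
        <add name="EmployeeNumber" type="System.String" allowAnonymous="false" />
        <add name="Department" type="System.String" allowAnonymous="false" />
      </properties>
    </profile>
  </system.web>

  <!-- Folder-level access: only members of the assumed PayrollViewer role -->
  <location path="Payroll">
    <system.web>
      <authorization>
        <allow roles="PayrollViewer" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

In this sketch the profile only stores data about the user; the decision about who may reach the payroll pages is made by the role rule, so it does not depend on a value kept in the profile.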