Question about membership/security

Discussion in 'ASP .Net' started by Cirene, Apr 30, 2008.

  1. Cirene

    Cirene Guest

    I am creating an ASP.NET 2.0 website. Rather than using all the membership
    functions I wanted to just create my own SQL Server db and use SESSION vars
    to track if the user is logged in etc...

    Is doing it in this way just as secure? I know that the "membership" stuff
    will save me some coding, but I was just thinking....

    Thanks.
     
    Cirene, Apr 30, 2008
    #1
    1. Advertising

  2. "Cirene" <> wrote in message
    news:...
    >I am creating an ASP.NET 2.0 website. Rather than using all the membership
    >functions I wanted to just create my own SQL Server db and use SESSION vars
    >to track if the user is logged in etc...


    If you have a custom database schema you wish to use, you can still use
    Membership. Just create your own custom provider.

    > Is doing it in this way just as secure?


    The Session stuff is encrypted, so it should be secure enough. The
    Membership bits still send encrypted information to the client, so it is
    probably pretty equivalent.

    > I know that the "membership" stuff will save me some coding, but I was
    > just thinking....


    A lot of coding. A lot of missed bugs. Etc.

    Before rewriting the entire authentication system, I would look at creating
    your own custom provider.
    http://www.devx.com/asp/Article/29256
    http://www.15seconds.com/issue/050216.htm

    Google "Custom Membership Provider" and you should find a lot of additional
    articles.

    --
    Gregory A. Beamer
    MVP, MCP: +I, SE, SD, DBA

    Subscribe to my blog
    http://gregorybeamer.spaces.live.com/lists/feed.rss

    or just read it:
    http://gregorybeamer.spaces.live.com/

    *************************************************
    | Think outside the box!
    |
    *************************************************
     
    Cowboy \(Gregory A. Beamer\), Apr 30, 2008
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. ABC
    Replies:
    5
    Views:
    590
    Scott Allen
    Nov 23, 2005
  2. 00_DotNetWarrior
    Replies:
    6
    Views:
    2,628
    Juan T. Llibre
    May 13, 2006
  3. jobs
    Replies:
    0
    Views:
    840
  4. Tino Donderwinkel
    Replies:
    2
    Views:
    767
    Tino Donderwinkel
    Jun 18, 2008
  5. jobs
    Replies:
    0
    Views:
    248
Loading...

Share This Page