System Access Guidelines

Discussion in 'ASP .Net Security' started by Brett, Feb 23, 2009.

  1. Brett

    Brett Guest

    Looking for documented guides for developing certain system access features
    in ASP/VB .Net and even Classic ASP. With the newer technologies, I suspect
    there's an easy way and a difficult way. For example, using the TIMEOUT
    attribute of Forms Authentication. You could certainly code that
    functionality as well, but...

    Some specific features I'm looking into include:
    - Auto-generate a first time password that must be changed on first login
    - Change password every xx days
    - Requiring strong passwords
    - Disable password reuse
    - Limit the number of login attempts, then lock user out
    - Auto-logout after xx minutes of inactivity

    I'm guessing there's a book or on-line resource or something else that
    covers these.

    Thanks

    Brett Ossman
    Brett, Feb 23, 2009
    #1

  2. Brett

    Brett Guest

    Just let me add that a book, etc. on key productivity features of VS 2008
    and framework 3.5 would be good too. Again, just key or especially noteworthy
    features for starters.

    Thanks again
    Brett, Feb 23, 2009
    #2

  4. Brett

    Joe Kaplan Guest

    To a great extent, much of this depends on what you use for the backing
    store for your identities.

    For example, if you were to use AD or AD/LDS as the backing store with the
    AD membership provider, then all these ID management features (lockout,
    strong passwords, expiration, etc.) are handled by the underlying directory
    store. However, if you use SQL, then you must come up with a way to build a
    lot of them yourself. The providers can help with this, but there is likely
    additional work to do.

    Also note that it can be quite difficult to handle things like password
    expiration for systems where the user is not logging in frequently as you
    generally need some sort of external notification mechanism (email message
    or something) to let them know their password is expiring.

    The actual timeout of the cookie for forms auth is just a configuration
    setting in web.config and is independent of the underlying store.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    "Brett" <> wrote in message
    news:...
    > Looking for documented guides for developing certain system access
    > features
    > in ASP/VB .Net and even Classic ASP. With the newer technologies, I
    > suspect
    > there's an easy way and a difficult way. For example, using the TIMEOUT
    > attribute of Forms Authentication. You could certainly code that
    > functionality as well, but...
    >
    > Some specific features I'm looking into include:
    > - Auto-generate a first time password that must be changed on first login
    > - Change password every xx days
    > - Requiring strong passwords
    > - Disable password reuse
    > - Limit the number of login attempts, then lock user out
    > - Auto-logout after xx minutes of inactivity
    >
    > I'm guessing there's a book or on-line resource or something else that
    > covers these.
    >
    > Thanks
    >
    > Brett Ossman
    Joe Kaplan, Feb 23, 2009
    #4
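
The split described in the reply above, as an added web.config example that is not part of the original thread: the Forms Authentication timeout is pure configuration, and the stock SqlMembershipProvider covers lockout and password strength through attributes, while expiry, reuse checks and a forced first-login change have no attribute and need application code. The names `AppDb`, `AppSqlProvider` and `~/Login.aspx` and all numeric values are placeholders chosen for illustration.

```xml
<configuration>
  <connectionStrings>
    <!-- "AppDb" is a hypothetical connection string name and database -->
    <add name="AppDb"
         connectionString="Data Source=.;Initial Catalog=AppDb;Integrated Security=True"
         providerName="System.Data.SqlClient" />
  </connectionStrings>
  <system.web>
    <authentication mode="Forms">
      <!-- timeout is in minutes. With slidingExpiration="true" the ticket is
           renewed on activity, so this behaves as an inactivity logout.
           requireSSL keeps the auth cookie off plain HTTP. -->
      <forms loginUrl="~/Login.aspx"
             timeout="20"
             slidingExpiration="true"
             requireSSL="true"
             protection="All" />
    </authentication>
    <authorization>
      <!-- Deny anonymous users so every page goes through the login form -->
      <deny users="?" />
    </authorization>
    <membership defaultProvider="AppSqlProvider">
      <providers>
        <clear />
        <!-- Lockout: 5 bad passwords inside a 10 minute window sets
             IsLockedOut; the account stays locked until code calls
             MembershipUser.UnlockUser().
             Strength: minimum length and non-alphanumeric count are
             enforced by the provider on create and change.
             Not covered by any attribute: password expiry, reuse history,
             forced change on first login. MembershipUser exposes
             LastPasswordChangedDate, which an expiry check can build on. -->
        <add name="AppSqlProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="AppDb"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="false"
             requiresUniqueEmail="true"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10"
             minRequiredPasswordLength="10"
             minRequiredNonalphanumericCharacters="1" />
      </providers>
    </membership>
  </system.web>
</configuration>
```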
  5. Brett

    Brett Guest

    Thanks for the reply.

    It will definitely be a SQL backend. I figured I would have to develop
    these features, and could certainly figure out a way to do so. I was just
    wondering if there were book(s), article(s), etc. that cover these topics to
    save some time. I want to make sure I take full advantage of the VS 2008 and
    .Net 3.5 tools available.

    Thanks again

    Brett Ossman
    Brett, Feb 23, 2009
    #5
  6. Brett

    Joe Kaplan Guest

    I know there is a book out there about the membership system specifically
    that might be interesting to you. Unfortunately, I haven't read it myself
    so I don't know whether it addresses any of your specific concerns or not.
    I don't know how people tend to add this to SQL normally as I don't actually
    work with SQL-based identity stores. :)

    I hope you get some good answers.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    "Brett" <> wrote in message
    news:...
    > Thanks for the reply.
    >
    > It will definitely be a SQL backend. I figured I would have to develop
    > these features, and could certainly figure out a way to do so. I was just
    > wondering if there were book(s), article(s), etc. that cover these topics
    > to
    > save some time. I want to make sure I take full advantage of the VS 2008
    > and
    > .Net 3.5 tools available.
    >
    > Thanks again
    >
    > Brett Ossman
    Joe Kaplan, Feb 23, 2009
    #6