ASP.NET 2.0 Authentication pattern

P

Paps

Usually my authentication pattern in 1.x was:
- create login form
- Validate the user and create Authentication cookie
- create custom IIdentity for additional user information

know in ASP.NET 2.0 we have Login control that made every thing for me,
there is
a Profile property for storing custom user information
a Membership property for storing logged user information
a Roles for validating user Role - permission.

the question is :
Have yet sense to customize the IIdenty and the IPrincipal for storing
custom logged user information in the Page.User property or is better to use
the new property like Membership Profile and Roles ?

Thanks
 
B

Brock Allen

Usually my authentication pattern in 1.x was:
...
- create custom IIdentity for additional user information

This is where the thinking is different in ASP.NET 2.0 (at least by default).
You need to think about authentication as a seperate "silo" of functionality
than profile data for your users. The provider architecture handles these
discrete areas and makes explicit boundaries for the functionality. Membership
Providers are for managing authentication information which is different
than the Profile Provider which is geared for user data which is different
than the Role Provider which manages role mappings. Also, for each of these
they may actually store their respective data in entirely different data
stores (SqlServer, vs. AD, vs. an XML document vs. whatever). What they all
have in common is User.Identity.Name.

So where you used to think about all of these various bits of data jammed
into one big table, now the model leans toward seperating each one of these
areas out into its own provider and backing data store. This, while different
and possibly a hassle, provides the most flexibility. Flexibility comes at
a cost.
 
D

Dominick Baier [DevelopMentor]

Hello Brock,

hey, brock is back, and he is absolutely right :)

it is comparable to IIdentity and IPrincipal - one for authentication and
one for authorization.

So i guess the final question is - where is the proposed place to store additional
user info in asp2??

I guess that's profile - but at least it is not Role or Membership.

Decide yourself if you want to use the profile feature for that - or if you
handroll that.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,901
Latest member
Noble71S45

Latest Threads

Top