Cache Authentication vs Forms Authentication - Thoughts?

Rbrt

I am developing an IIS 6.0 / ASP.NET 2.0 database-driven web site that will be
used for an in-house application with less than 1,000 potential users and
which will probably never have more than a couple of hundred simultaneous
users at any given time.

While forms authentication provides good tools for handling security for the
site, it is vulnerable to dedicated hackers who can sniff out cookies or
URLs and hijack the site.

I am considering using a cache-based authentication method in which I would
instantiate a custom user class object to handle things like logons and
store user information, and which is then cached on the server with a sliding
expiration using a key consisting of the user's IP address. Every time the
user requests a page, the object can be retrieved from the cache. If it is
not found in the cache, then a redirect at server is used to route them to
the logon form. The advantage of course is that all of this is done on the
server with no client side data dependency other than the IP address.

Has anybody tried this? Anybody have any comments on what might be the
pitfalls of such a scheme?

Thanks for any input.

Robert
 
Rbrt

Good point. The "in-house" includes field staff who travel widely in and
outside of North America. The data is highly confidential and of considerable
interest to my customer's competitors.
 
Scott Roberts

You're thinking that a "dedicated hacker" won't be able to spoof an IP
address?

Anyway, if you're keen on using IP, why not use regular forms auth then add
logic to global.asax to query IP on each request and perform some logic?

You should probably also check out OpenID.

I don't really see a need to re-invent the wheel.
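
The suggestion above (keep forms authentication and compare the client IP on each request in global.asax) could look like the following. This is an added example, not code from either poster; `SessionBinding`, `IssueTicket` and the 20-minute lifetime are assumptions, and the site is assumed to be served over HTTPS.

```csharp
using System;
using System.Web;
using System.Web.Security;

public static class SessionBinding   // hypothetical helper, called by the logon page
{
    // Call only after the submitted credentials have been verified.
    public static void IssueTicket(HttpContext ctx, string userName)
    {
        // The client address travels inside the forms ticket, which is encrypted
        // and validated by default, so the browser can neither read nor alter it.
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(20), // assumed lifetime
            false, ctx.Request.UserHostAddress);

        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;  // not readable from client script
        cookie.Secure = true;    // sent over HTTPS only, which is what defeats sniffing
        cookie.Path = FormsAuthentication.FormsCookiePath;
        ctx.Response.Cookies.Add(cookie);
    }
}

public class Global : HttpApplication   // code-behind class for Global.asax
{
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // FormsAuthenticationModule has already validated the cookie at this point;
        // a missing, expired or tampered ticket leaves the request anonymous.
        FormsIdentity id = (Context.User == null)
            ? null : Context.User.Identity as FormsIdentity;
        if (id == null)
            return;

        // The address is an extra check on top of the ticket, never the session key:
        // users behind one NAT or proxy share an address, and travelling staff will
        // change address mid-session and simply be asked to log on again.
        if (!String.Equals(id.Ticket.UserData, Request.UserHostAddress,
                           StringComparison.Ordinal))
        {
            FormsAuthentication.SignOut();                       // expire the cookie
            Response.Redirect(FormsAuthentication.LoginUrl, true);
        }
    }
}
```

With sliding expiration the module reissues the cookie from the `<forms>` settings, so `requireSSL="true"` should also be set there to keep the renewed cookie HTTPS-only.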
 
