Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > ASP.NET 2: Membership/RoleMangement vs. ASP.NET 1.1.. question

Reply
Thread Tools

ASP.NET 2: Membership/RoleMangement vs. ASP.NET 1.1.. question

 
 
matt@mailinator.com
Guest
Posts: n/a
 
      11-01-2005
hello,

im working on my first public-facing ASP.NET 2 website, and i have a
question/concern about authentication integration.

in ASP.NET 1.1, one would typically go w/ a "role yer own"
webforms/database role-based model: in your db youd have a Users table,
a RoleGroups table, a UserRoles table (see
http://aspnet.4guysfromrolla.com/articles/082703-1.aspx).

this worked well, because it hooked in directly with your typical Users
table (UserID, UserName, Email, FirstName, LastName, etc...)

in ASP.NET 2.0, one has the built-in Membership stuff, which uses its
own SQL Server/Access database (the "ASPNETDB" datasource). and via
Visual Studio 2005's "ASP.NET Configuration" GUI, one has many useful
user/group management tools (add/delete role, find user, etc..!).

however...i still need my custom db's User table -- as is expected,
there are many columns i have for my users that are not in the
MembershipUser object.

herein lies the problem -- if i am to use ASP.NET 2's Authentication
and RoleManagement funcationality (database), i am in effect
maintaining *two* databases of users! the authentication db
("ASPNETDB"), and my customer db. this starts to add complication, not
to mention data duplication. for example, if i wish to delete a user
altogether, i must now delete the user in two different databases.
likewise, if i wish to add a user, i have to add him in two databases
-- and if these tasks fail for some reason in one but not the other, it
seems quite messy.

another big concern is, most of my 1.1 apps use a simple Int32 "UserID"
identified column for anything related to my users -- relationships to
orders, comments/feedback, etc.. ASPNETDB has a UserID property, but i
cant seem to retrieve it via the MemberUser obj. and it doesnt look
like a simple indentifier int, either.

so, what is the consenus, here? how best to work w/ this model shift
between 1.1 and 2.0? how does one link their custom business-rules User
table to the authentication User table...!?


thanks,
matt

 
Reply With Quote
 
 
 
 
Patrick.O.Ige
Guest
Posts: n/a
 
      11-01-2005
I haven't really used the ASP.NET 2.0 built in Membership
But i don't think you must use what is provided i guess you should be able
to write your own customized one
Patrick

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> hello,
>
> im working on my first public-facing ASP.NET 2 website, and i have a
> question/concern about authentication integration.
>
> in ASP.NET 1.1, one would typically go w/ a "role yer own"
> webforms/database role-based model: in your db youd have a Users table,
> a RoleGroups table, a UserRoles table (see
> http://aspnet.4guysfromrolla.com/articles/082703-1.aspx).
>
> this worked well, because it hooked in directly with your typical Users
> table (UserID, UserName, Email, FirstName, LastName, etc...)
>
> in ASP.NET 2.0, one has the built-in Membership stuff, which uses its
> own SQL Server/Access database (the "ASPNETDB" datasource). and via
> Visual Studio 2005's "ASP.NET Configuration" GUI, one has many useful
> user/group management tools (add/delete role, find user, etc..!).
>
> however...i still need my custom db's User table -- as is expected,
> there are many columns i have for my users that are not in the
> MembershipUser object.
>
> herein lies the problem -- if i am to use ASP.NET 2's Authentication
> and RoleManagement funcationality (database), i am in effect
> maintaining *two* databases of users! the authentication db
> ("ASPNETDB"), and my customer db. this starts to add complication, not
> to mention data duplication. for example, if i wish to delete a user
> altogether, i must now delete the user in two different databases.
> likewise, if i wish to add a user, i have to add him in two databases
> -- and if these tasks fail for some reason in one but not the other, it
> seems quite messy.
>
> another big concern is, most of my 1.1 apps use a simple Int32 "UserID"
> identified column for anything related to my users -- relationships to
> orders, comments/feedback, etc.. ASPNETDB has a UserID property, but i
> cant seem to retrieve it via the MemberUser obj. and it doesnt look
> like a simple indentifier int, either.
>
> so, what is the consenus, here? how best to work w/ this model shift
> between 1.1 and 2.0? how does one link their custom business-rules User
> table to the authentication User table...!?
>
>
> thanks,
> matt
>



 
Reply With Quote
 
 
 
 
Khaled Hussein
Guest
Posts: n/a
 
      11-01-2005
Hello,

I guess in this case you will have to build your own membership provider
that will facilitate the same membership features and tools for your own
database... so you will have to make simple modifications in your DB just
as suitable to the membership provider that you are building.

I am posting here also some links that helps in building your own membership
provider.
http://msdn.microsoft.com/library/de...ml/bucupro.asp
http://www.15seconds.com/issue/050216.htm
http://www.theserverside.net/article...rofileProvider
http://www.devx.com/asp/Article/29256

I hope this helps.
Thanks
--
Khaled Hussein
Graduate Teaching Assistant
College of Computing and Information Technology
Arab Academy for Science and Technology and Maritime Transport

> hello,
>
> im working on my first public-facing ASP.NET 2 website, and i have a
> question/concern about authentication integration.
>
> in ASP.NET 1.1, one would typically go w/ a "role yer own"
> webforms/database role-based model: in your db youd have a Users
> table, a RoleGroups table, a UserRoles table (see
> http://aspnet.4guysfromrolla.com/articles/082703-1.aspx).
>
> this worked well, because it hooked in directly with your typical
> Users table (UserID, UserName, Email, FirstName, LastName, etc...)
>
> in ASP.NET 2.0, one has the built-in Membership stuff, which uses its
> own SQL Server/Access database (the "ASPNETDB" datasource). and via
> Visual Studio 2005's "ASP.NET Configuration" GUI, one has many useful
> user/group management tools (add/delete role, find user, etc..!).
>
> however...i still need my custom db's User table -- as is expected,
> there are many columns i have for my users that are not in the
> MembershipUser object.
>
> herein lies the problem -- if i am to use ASP.NET 2's Authentication
> and RoleManagement funcationality (database), i am in effect
> maintaining *two* databases of users! the authentication db
> ("ASPNETDB"), and my customer db. this starts to add complication, not
> to mention data duplication. for example, if i wish to delete a user
> altogether, i must now delete the user in two different databases.
> likewise, if i wish to add a user, i have to add him in two databases
>
> another big concern is, most of my 1.1 apps use a simple Int32
> "UserID" identified column for anything related to my users --
> relationships to orders, comments/feedback, etc.. ASPNETDB has a
> UserID property, but i cant seem to retrieve it via the MemberUser
> obj. and it doesnt look like a simple indentifier int, either.
>
> so, what is the consenus, here? how best to work w/ this model shift
> between 1.1 and 2.0? how does one link their custom business-rules
> User table to the authentication User table...!?
>
> thanks,
> matt



 
Reply With Quote
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      11-01-2005
Hello http://www.velocityreviews.com/forums/(E-Mail Removed),

have a look here - this is a good starting point for understanding the whole
provider pattern, and afterwards decide yourself if it makes sense to write
a provider, or simply migrate your code from 1.1 to 2.0
http://msdn.microsoft.com/library/de...vMod_Intro.asp

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> hello,
>
> im working on my first public-facing ASP.NET 2 website, and i have a
> question/concern about authentication integration.
>
> in ASP.NET 1.1, one would typically go w/ a "role yer own"
> webforms/database role-based model: in your db youd have a Users
> table, a RoleGroups table, a UserRoles table (see
> http://aspnet.4guysfromrolla.com/articles/082703-1.aspx).
>
> this worked well, because it hooked in directly with your typical
> Users table (UserID, UserName, Email, FirstName, LastName, etc...)
>
> in ASP.NET 2.0, one has the built-in Membership stuff, which uses its
> own SQL Server/Access database (the "ASPNETDB" datasource). and via
> Visual Studio 2005's "ASP.NET Configuration" GUI, one has many useful
> user/group management tools (add/delete role, find user, etc..!).
>
> however...i still need my custom db's User table -- as is expected,
> there are many columns i have for my users that are not in the
> MembershipUser object.
>
> herein lies the problem -- if i am to use ASP.NET 2's Authentication
> and RoleManagement funcationality (database), i am in effect
> maintaining *two* databases of users! the authentication db
> ("ASPNETDB"), and my customer db. this starts to add complication, not
> to mention data duplication. for example, if i wish to delete a user
> altogether, i must now delete the user in two different databases.
> likewise, if i wish to add a user, i have to add him in two databases
>
> another big concern is, most of my 1.1 apps use a simple Int32
> "UserID" identified column for anything related to my users --
> relationships to orders, comments/feedback, etc.. ASPNETDB has a
> UserID property, but i cant seem to retrieve it via the MemberUser
> obj. and it doesnt look like a simple indentifier int, either.
>
> so, what is the consenus, here? how best to work w/ this model shift
> between 1.1 and 2.0? how does one link their custom business-rules
> User table to the authentication User table...!?
>
> thanks,
> matt



 
Reply With Quote
 
matt@mailinator.com
Guest
Posts: n/a
 
      11-01-2005
> i don't think you must use what is provided i guess you should be able
> to write your own customized one


of that i am certain, but that isnt the point. i am looking for how to
work w/ the new security model.. and/or questioning the usefulness of
this new model.

matt

 
Reply With Quote
 
matt@mailinator.com
Guest
Posts: n/a
 
      11-01-2005
> in this case you will have to build your own membership provider

ive read the links. boy. seems like a lot of work... i mean, using the
1.1 in 2.0 would only take me a couple hours. but writing an entire
member provider implementation seems like it would take much, much
longer....

maybe its just my gut reaction. but it seems like so much work compared
to what im used to....


thanks,
matt

 
Reply With Quote
 
sillyevar
Guest
Posts: n/a
 
      11-06-2005
You are right. It is a lot of work. You already did the work up front
in your 1.1 application.

Now think back to when you were writing your user system. The new
membership provider would have saved you hours there. If you already
have all the features that the membership provider gives you, then
there is no reason for you to adopt it in your old app.

Sounds like you have a good answer.

 
Reply With Quote
 
matt@mailinator.com
Guest
Posts: n/a
 
      11-15-2005
> Now think back to when you were writing your user system. The new
> membership provider would have saved you hours there.


to a degree, yes -- primarily with password functionality. however, i
still dont see a way for someone (even if starting from scratch) to
build a customer-oriented, data-driven website and still not have to
write their own membership provider -- what enterprises *arent* still
going to need their own, custom user tables?

very few sites wont need their own user tables. which means spending a
lot of time writing a new provider.

> Sounds like you have a good answer.


yep. kept the 1.1 mode; just added a global.aspx (appears to be legacy
now?) to the project.

perhaps when there is free time, it will be spent writing a new
provider that inserts into my user table instead of microsoft's.


thanks
matt

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
question row filter (more of sql query question) =?Utf-8?B?YW5kcmV3MDA3?= ASP .Net 2 10-06-2005 01:07 PM
Quick Question - Newby Question =?Utf-8?B?UnlhbiBTbWl0aA==?= ASP .Net 4 02-16-2005 11:59 AM
Question on Transcender Question :-) eddiec MCSE 6 05-20-2004 06:59 AM
Question re: features of the 831 router (also a 924 question) Wayne Cisco 0 03-02-2004 07:57 PM
Syntax Question - Novice Question sean ASP .Net 1 10-20-2003 12:18 PM



Advertisments