Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > High Level Question

Reply
Thread Tools

High Level Question

 
 
GaryDean
Guest
Posts: n/a
 
      06-26-2007
I'm trying to decide if we should use the ASP.Net 2.0 authentications tools
or role-our-own forms authentication as we always did (with little work) in
1.1 apps. what I'm afraid of is that we will get stuck on a cul-de-sac as
we sometimes do using those "no code required" tools.

I see I can define users and roles and access to folders but can I add my
own data about the users - for instance I would certainly need their
employee number or maybe other things about them such a which fields they
can see on the payroll file. Can I do this? Is this what Profiles are for?

Are there any gotchas in these tools? ( I know there are no gottchas in the
role-our-own solution).

Thanks,
Gary Blakely


 
Reply With Quote
 
 
 
 
Dominick Baier
Guest
Posts: n/a
 
      06-26-2007
That's an excellent question!

The one important point here is - membership is not made for extensibility.
If the membership feature does 100% what you need - go for it. If not - there
is no point in doing providers for providers sake.

You cannot add additional data to the memership table (at least not in a
clean way) - that's what profile is for.

That said - another fact is that MS is integrating membership/roles into
a couple of products (WCF, IIS7, Sharepoint) - and if you plan to use them
in the future - you can easily integrate your auth logic...

I would say if you have a working implementation already think about two
things

a) just use what you have (and works)
b) write a thin wrapper around some of your existing functionality using
membership/roles - just enough to enable RAD tools and reuse...


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> I'm trying to decide if we should use the ASP.Net 2.0 authentications
> tools or role-our-own forms authentication as we always did (with
> little work) in 1.1 apps. what I'm afraid of is that we will get
> stuck on a cul-de-sac as we sometimes do using those "no code
> required" tools.
>
> I see I can define users and roles and access to folders but can I add
> my own data about the users - for instance I would certainly need
> their employee number or maybe other things about them such a which
> fields they can see on the payroll file. Can I do this? Is this what
> Profiles are for?
>
> Are there any gotchas in these tools? ( I know there are no gottchas
> in the role-our-own solution).
>
> Thanks,
> Gary Blakely



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
"Low-level vs High-level Programming" and a lot more... Scorpiion VHDL 1 12-25-2008 04:27 PM
High level design question Rob ASP .Net 5 11-19-2007 11:34 PM
High level data access question mikekissman@gmail.com ASP .Net 1 11-28-2005 04:02 PM
c is a low-level language or neither low level nor high level language pabbu C Programming 8 11-07-2005 03:05 PM
Newby High Level Design/Architecture Question Tobes \(Breath\) ASP .Net Web Services 2 11-19-2003 09:24 PM



Advertisments