System Access Guidelines

 
 
Brett
      02-23-2009
Looking for documented guides for developing certain system access features
in ASP/VB .Net and even Classic ASP. With the newer technologies, I suspect
there's an easy way and a difficult way. For example, using the TIMEOUT
attribute of Forms Authentication. You could certainly code that
functionality as well, but...

Some specific features I'm looking into include:
- Auto-generate a first time password that must be changed on first login
- Change password every xx days
- Requiring strong passwords
- Disable password reuse
- Limit the number of login attempts, then lock user out
- Auto-logout after xx minutes of inactivity

I'm guessing there's a book or on-line resource or something else that
covers these.

Thanks

Brett Ossman
 
Brett
      02-23-2009
Just let me add that a book, etc. on key productivity features of VS 2008
and framework 3.5 would be good too. Again, just key or especially noteworthy
features for starters.

Thanks again
 
 
Joe Kaplan
      02-23-2009
To a great extent, much of this depends on what you use for the backing
store for your identities.

For example, if you were to use AD or AD/LDS as the backing store with the
AD membership provider, then all these ID management features (lockout,
strong passwords, expiration, etc.) are handled by the underlying directory
store. However, if you use SQL, then you must come up with a way to build a
lot of them yourself. The providers can help with this, but there is likely
additional work to do.

Also note that it can be quite difficult to handle things like password
expiration for systems where the user is not logging in frequently as you
generally need some sort of external notification mechanism (email message
or something) to let them know their password is expiring.

The actual timeout of the cookie for forms auth is just a configuration
setting in web.config and is independent of the underlying store.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"Brett" wrote in message:
> Looking for documented guides for developing certain system access features
> in ASP/VB .Net and even Classic ASP. With the newer technologies, I suspect
> there's an easy way and a difficult way. For example, using the TIMEOUT
> attribute of Forms Authentication. You could certainly code that
> functionality as well, but...
>
> Some specific features I'm looking into include:
> - Auto-generate a first time password that must be changed on first login
> - Change password every xx days
> - Requiring strong passwords
> - Disable password reuse
> - Limit the number of login attempts, then lock user out
> - Auto-logout after xx minutes of inactivity
>
> I'm guessing there's a book or on-line resource or something else that
> covers these.
>
> Thanks
>
> Brett Ossman
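
The two points in the reply above (the forms-auth timeout is a web.config setting, and with a SQL store the providers cover part of the list) can be seen in one configuration. This is an added example, not part of the original thread; the connection string, the login page path and all numeric thresholds are assumptions chosen for illustration.

```xml
<configuration>
  <connectionStrings>
    <!-- Placeholder name and value: point this at the database that holds
         the ASP.NET membership tables. -->
    <add name="MembershipDb"
         connectionString="Data Source=DBSERVER;Initial Catalog=AppDb;Integrated Security=True" />
  </connectionStrings>
  <system.web>
    <!-- Auto-logout after xx minutes of inactivity: timeout is in minutes,
         and slidingExpiration renews the ticket while the user is active,
         so the limit applies to idle time rather than total session time. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx"
             timeout="20"
             slidingExpiration="true"
             requireSSL="true"
             protection="All" />
    </authentication>
    <membership defaultProvider="SqlProvider">
      <providers>
        <clear />
        <!-- Strong passwords: minimum length and number of non-alphanumeric
             characters are enforced by the provider on create/change.
             Lockout: maxInvalidPasswordAttempts failures inside
             passwordAttemptWindow (minutes) lock the account.
             Hashed storage with retrieval disabled means the stored value
             cannot be turned back into the password. -->
        <add name="SqlProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="MembershipDb"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="false"
             requiresUniqueEmail="true"
             minRequiredPasswordLength="10"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="15" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

The SQL provider has no settings for password expiration, password reuse or a forced change at first login, so those items remain application code. An account locked out by `maxInvalidPasswordAttempts` stays locked until `MembershipUser.UnlockUser()` is called.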


 
 
Brett
      02-23-2009
Thanks for the reply.

It will definitely be a SQL backend. I figured I would have to develop
these features, and could certainly figure out a way to do so. I was just
wondering if there were book(s), article(s), etc. that cover these topics to
save some time. I want to make sure I take full advantage of the VS 2008 and
.Net 3.5 tools available.

Thanks again

Brett Ossman
 
 
Joe Kaplan
      02-23-2009
I know there is a book out there about the membership system specifically
that might be interesting to you. Unfortunately, I haven't read it myself
so I don't know whether it addresses any of your specific concerns or not.
I don't know how people tend to add this to SQL normally as I don't actually
work with SQL-based identity stores.

I hope you get some good answers.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"Brett" wrote in message:
> Thanks for the reply.
>
> It will definitely be a SQL backend. I figured I would have to develop
> these features, and could certainly figure out a way to do so. I was just
> wondering if there were book(s), article(s), etc. that cover these topics to
> save some time. I want to make sure I take full advantage of the VS 2008 and
> .Net 3.5 tools available.
>
> Thanks again
>
> Brett Ossman


 