As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 9 years ago.
I'm wondering how to approach the topic of user organizations in ASP.NET WebForms application and SQL Server 2008.
Create SQL Servers in-built Logins / Users
or
Create a Username / User and use it to connect to the database. A user data held in the table with password (salt).
Is the second option is a good option? If true please support me with your knowledge.
It sounds like Forms Authentication can help you immensely:
http://support.microsoft.com/kb/301240
For an ASP.NET application, you should be going with your second option.
You definitely want a strong hashing algorithm equipped with a fairly long salt to make sure your passwords are secure.
In terms of an algorithm, you should look at something like Bcrypt, it's got a pretty good reputation on Security StackExchange.
I would use the second option, I dont like builtin logon system. In an old project of mine, there is remember me system and it doesnt work now, and I cannot figure it out why it doesnt work.
It is always better to do your own logon system.
Related
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I'm a newbie. For impersonation in IIS, what do you think about it? I think it's unsafe. How can IIS spawn a Win32 thread to handle user request with user's identity? Does this mean this thread can do anything using user's identity without user's permission? For example, this thread can connect to other servers and do operations with user's identity.
When using impersonation you would generally create a user with only enough privileges to do what is required of it, e.g. read contents of a folder in c:\inetpub\wwwroot. Similar to how you wouldn't create a DB user that can delete tables when all you need is for it to read some values.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
My boss, a dba, is telling me there is a way to authenticate a .net web site using sql server 2005 and later. Not forms authentication, not nt authentication, not passing a sql server login in a connection string, etc., but using sql server. Apparently you can let it handle everything. I have not been able to find anything on this. Any ideas?
SQL Server Authentication is really either rolling out Forms authentication yourself or use the out-of-the-box SqlMembershipProvider. The MSDN documentation has a very comprehensive example there.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 11 years ago.
What are the competitors for the standard ASP.NET login web controls?
I want to build a scalable site and manage the users.
You have several options, there is DotNetNuke which is a big time opensource user/login/permissions, CMS all free and works in .net with sql server. Also you can go to visual studio and start a new project and as long as you don't choose the empty project it will create a mini project with a login system that you have to add your database info and so on.
Then again if you're starting out there's nothing like learning and doing it yourself, its fairly simple.
sql server table with username, password, accesstype(admin, user)
login form with username, password fields
do a select to table passing username and passwords and see if it returns a value, if not the combo incorrect.
if it doesn't start session and set the user id in session if you need to use it somewhere else or just to make sure that it times out by checking that session id in everypage.
that's reallyyy basic but its the idea of it.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 11 years ago.
The WebApp makes use of Asp.net membership, And roles with session. it also uses LLBLGen Pro as a datalayer.
My Question is what are the potential issues that might make this not work ?
A few of the potential issues that come to mind:
Security, users, groups/roles
Transactional semantics and boundaries
Porting existing stored procedures, functions, CLR code, etc.
Data type compatibility / semantics
Performance and scalability (each DB has its own areas of strengths and weaknesses)
Error reporting and recovery
Handling dynamic SQL
Lack of step-in debugging from ASP.NET to the DB with MySql
Database schema change management
Support for fulltext search
Differences in SQL queries and commands
Tool support: SQL profiler, Visual Studio T-SQL editor, etc.
Driver support
Multiple active result sets (if needed)
Async command support
I'm sure there's more...
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I'm a C# and PHP developer. At work, I just got some classic ASP stuff dumped in my lap. I only need to make edits for a few weeks so I don't want to have to learn too much about legacy stuff I'll never touch again. However, I do need to be able to do my job for this duration.
How can I get a good crash course in ASP? I need to get good-enough at it very quickly. What sites/books/resources would best fit this need?
http://www.w3schools.com has a really good ASP tutorial. It's actually what I used when I went into classic ASP from a PHP background in school.
realistically, classic ASP is just VBScript + a couple of libraries that handle web interaction.
The fastest way is here:
http://msdn.microsoft.com/en-us/library/d1wf56tt.aspx
understand the basics of VBScript (it's relatively tiny)
then understand the basic objects of classic ASP
Request
Response
Server
Session
Application
ASPError
check out http://www.devguru.com/ and go to the vbscript section for quick references to their functions