Re: Converting from asp to asp.net / security
From: Dave (non_at_nospam.com)
Date: 01/27/05
- Next message: Stuart: "RE: Browsing issues"
- Previous message: Oleg Ogurok: "Re: Active Directory Login Page DN Format?"
- In reply to: Cowboy (Gregory A. Beamer) - MVP: "RE: Converting from asp to asp.net / security"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 28 Jan 2005 02:55:05 +1300
Thanks Gregory,
How would that relate to my situation of an existing database of 1000+
users?
The database would need to remain, and the users login.
Im just still not to sure what happens next :-)
Forms authentication in the config file would accomodate this and then
wouldnt require me adding further protection to my converted asp pages?
(other than removing the existing protection :)
"Cowboy (Gregory A. Beamer) - MVP" <NoSpamMgbworld@comcast.netNoSpamM> wrote
in message news:B0AFB781-F9A1-4742-B01E-583E7933195C@microsoft.com...
> With .NET, you can do one of two things:
>
> 1. Set the application up as secure and exclude specific pages from a
login
> 2. Set the application up as insecure and force the user to log in for
> specific pages
>
> In addition, config files cascade, so you can set up specific locations as
> secure by either creating applications under your main application or
setting
> up .config files for specific directories.
>
> Bearing this in mind, it is as easy as setting up a authentication method
> and forcing users to authenticate to avoid the session("logged_in") check.
It
> takes a few seconds in the web.config file to set this up and you gain a
> benefit hard (or perhaps harder) to achieve in ASP: The user can bookmark
a
> specific page and be thrown to login, then redirected back to the page
> (without any code on your part).
>
> The biggest, largely unspoken, caveat is you should have a page called
> default.aspx in your application for people who bookmark the login page.
> Otherwise, it has nowhere to redirect and goes to a hard-coded
default.aspx,
> causing an error.
>
> ---
>
> Gregory A. Beamer
> MVP; MCP: +I, SE, SD, DBA
>
> ***************************
> Think Outside the Box!
> ***************************
>
> "Dave" wrote:
>
> > Hi, Im considering converting a legacy application from asp to aspx
(vb) -
> > just for the purpose of learning (Im new at .net, but experienced at
> > vbscript)
> >
> > What I need to get my head around, is page security.
> > Currently this app has a database login which sets session values for
> > username etc
> >
> > Pages within this web are then protected by the usual "If
> > session("loggedin") = true then..." kind of code.
> >
> > I can continue the same sort of logic with an aspx page, but should I?
> > Is there a better / more efficient way to take the users existing
database
> > login and use it for page access? Use the web.config file as well /
instead
> > of?
> > What would be the best practice to do that ?
> >
> > Thanks!
> >
> >
> >
> >
- Next message: Stuart: "RE: Browsing issues"
- Previous message: Oleg Ogurok: "Re: Active Directory Login Page DN Format?"
- In reply to: Cowboy (Gregory A. Beamer) - MVP: "RE: Converting from asp to asp.net / security"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
