RE: Forms Authentication vs MembershipProvider

Hi Rory,

Does the information in previous messages help you some or do you still
have any questions about the forms authentication or membership service? If
so, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

From: stcheng@xxxxxxxxxxxxxxxxxxxx (Steven Cheng [MSFT])
Organization: Microsoft
Date: Thu, 17 Jul 2008 06:02:22 GMT
Subject: RE: Forms Authentication vs MembershipProvider


Hi Rory,

First, I'm glad that you've got custom membership provider working, great
progress :)

For the question here, let me confirm my understanding, you have multiple
pages which use membership and authentication, you're wondering how to
make
some of those pages require user to logon/authenticated and some other
doesn't (allow unauthenticated/anonymous users), correct?

For Forms authentication and membershp service, they're actually two
separate things. Forms authentication starts at the begining of
ASP.NET(1.0,1.1..), while membership service start from ASP.NET 2.0.
Forms authentication is a authenticaiton schema(like windows
authenticaiton) which is used to provide security authorization (protect
pages or url resource in asp.net app). It can work without using
membershp.


And for membership, it is a service which used to help easily build up a
user account system so that we can use standard API to manage user
account(such as validate a useraccount, change or update it .....). You
can
also use membershp service without using Forms authentication.

Anyway, they are used together in most cases. Here are some good resource
for you to get more ideas on this.


#Explained: Forms Authentication in ASP.NET 2.0
http://msdn.microsoft.com/en-us/library/aa480476.aspx

#ASP.NET Forms Authentication - Part 1
http://www.ondotnet.com/pub/a/dotnet/2003/01/06/formsauthp1.html

#ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security
Resources
http://weblogs.asp.net/scottgu/archive/2006/02/24/ASP.NET-2.0-Membership_2C
0
0_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx


Now for the questions here, to make some pages require authetication while
some other not, the ASP.NET forms authentication has built-in support on
this. You can use <location> element in web.config file to specify the
authorization setting for a particular url (such as a sub folder or a
parituclar page).

#How do I use Forms Authentication for only a portion of my site?
http://www.dnzone.com/ShowDetail.asp?NewsId=60

#location Element (ASP.NET Settings Schema)
http://msdn.microsoft.com/en-us/library/b6x6shw7.aspx

another means is putting different pages into differnt sub directory and
you can put a web.config in sub directory to have its own <authorization>
setting.

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#noti
f
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
Date: Wed, 16 Jul 2008 16:10:24 +0000 (UTC)
Message-ID: <3af10347199e78cab57df852894a@xxxxxxxxxxxxxxxxxx>
From: Rory Becker <rorybecker@xxxxxxxxxxxxxxxx>
Subject: Forms Authentication vs MembershipProvider

The next stange is to move on to the creation of content which adjusts
based
on the user.

I have several pages which require a user to be logged on and several
which
do not. Prior to this point in time I have used 2 different master pages.
one with a control which checks a session variable to determine logged on
or not and another which does not.

Each page is pointed at the correct master page and away you go.

I have heard of forms authentication and the little I have read leads me
to believe that I could rearrange my pages in a hierarchy so that pages
requiring
authentication were in one folder and pages not requiring authentication
were in another.

Can someone tell me...

1.> what is the relationship between Forms Authentication and the
Provider
model I am using?
2.> Does Membership replace Authentication?
3.> Does Roles replace Authorisation?
4.> Can I use Authorisation with Membership?
5.> Does any of what I'm saying make any sense?

Many thanks in advance.

--
Rory






.

Relevant Pages

  • RE: Securing a single aspx page
    ... forms authentication by default will allow everyone access ... authorization setting: ... Microsoft MSDN Online Support Lead ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Securing a single aspx page
    ... forms authentication by default will allow everyone access ... authorization setting: ... Microsoft MSDN Online Support Lead ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Defining Groups with AD users
    ... For ASP.NET authentication and role based authorization, ... you can configure the membership to use AD ... membership provider and Rolemanager to use SQL server provider. ... Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: How do you acces ASP.NET WAT on a Web server that doesnt have
    ... "Authentication and access control" ... The second option it to create your own management interface as following ... The third option is to manage in non-ASP.NET context using MemberShip ... Microsoft Online Community Support ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Use login control to limit access to certain pages
    ... Membership Database to store your users and want unauthenticated users to ... The resources are scattered as you said, ... I want to confirm which authentication type you are using? ... without validation when request path is in this XML file. ...
    (microsoft.public.dotnet.general)