Re: I don't want to re-invent the Login/Login Wheel - Help with utilities

In the case of AS.NET app, being hosted by ISP, it is very likely the users are not windows domain user. So, using Windows authentication is likely out of connsideration.

Yes, if you use .NET1.1, there isn't built-in login control, and more importanltly there isn't ready-to-use membership component to use. So, you do have to re-invent the wheel of loging in/user membership logics, or you need to find available third party code to use. I'd strongly suggested you go with ASP.NET 2.0, which has built-in web app/site membership components, which you can easily use it to manager users who access to your web app/site. By default, the membership provider uses SQL Server or SQL Server Express. It you go with that, make sure you do not know SQL Server/Express well before rush into it (especially pay attention to avoid using SQL Server Express User Instance when going through website adminstration wizard in ASP.NET2.0).


"tjdarth" <tjdarth@xxxxxxxxxxx> wrote in message news:%23S3pxXoaIHA.2000@xxxxxxxxxxxxxxxxxxxxxxx
Thanks Norman for the quick response. Currently my client and I have agreed to make this an ASP.NET application because we are working with limited funds and would like to allow only select clientel to access our SQL database thru an ISP provider. We also agree that carrying this data along with other personal characteristic data for the user using this application would allow us to have better control over how long a user could use the same password. We feel that having the capability to force password change would be a better benefit in securing our application and data access. That was the reasoning behind asking about encryption/decryption methods.

I am currently trying to develop this ASP.NET application with VS 2003 .NET1.1 and Dreamweaver CS3. My understanding is that moving up to .NET2.0/3.0 or 3.5 would mean aquiring VS 2005 or VS 2008. I also have a valid copy of MS SQL 2000 which also means a possible move to a more current version of SQL as well. These things I need to investigate as to how far I can go with what I currently have.

I have been brainstroming about how to carry each users credentials for verification purposes at login time. Both Windows authentication and authorization wolud be be fine if we wanted the world to have access to our application data, but not very intuitive for maintaining integrity over our data. We actually would like to stay away from Win apps altogether partly because this wolud mean maintaining software on multipule machines, which could become cumbersome.

I greatly appreciate your feedback on this issue and hope you can share more knowledge with us as we go forward with this venture.

Thanks again . . .

Tom J.
"Norman Yuan" <FakeName@xxxxxxxxxxxxx> wrote in message news:u9GryMmaIHA.4172@xxxxxxxxxxxxxxxxxxxxxxx
Is this project a Win form app or ASP.NET app? Is the logging in process for authentication only, or for both authentication and authorization? If it is win form app, shoudn't the user have to log into his computer? So, the user should be considered authenticated. If it is ASP.NET, yu could use Windows authentication, so no logging in is required; if you choose Form authentication, ASP.NET2.0 has built-in login control to use. Unless you have very unique requirement, you to not need re-invent a simple wheel. But you can always choose to re-invent a rounder/fancier wheel to suit your special need.

"tjdarth" <tjdarth@xxxxxxxxxxx> wrote in message news:e2ZJzPfaIHA.4140@xxxxxxxxxxxxxxxxxxxxxxx
Hey guys, I am starting a small project for a friend who expects to have users do a normal logon process using UserName & Password variables. I want to save some time and find a reliable piece of code with encrypt/decrypt capabilities that has been written in either C# or VB.Net that would could be easily incorporated into my application. If there is a link that could be provided or other sources that you might think of, it would be appreciated.

Thanks in advance . . .





.