Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
BOOK: Beginning ASP.NET Security
This is the forum to discuss the Wrox book Beginning ASP.NET Security by Barry Dorrans; ISBN: 978-0-470-74365-2
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: Beginning ASP.NET Security section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Display Modes
  #1 (permalink)  
Old June 17th, 2010, 07:35 AM
Registered User
 
Join Date: Jun 2010
Location: Kolkata
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Default Security in ASP.NET

Security is a very wide reaching term. With Membership and Roles Provider it can be tackled to some extent. But Authenticataion and Authorization also plays a vital Role. Which one is prefrred and why?
Reply With Quote
  #2 (permalink)  
Old June 23rd, 2010, 02:38 AM
Imar's Avatar
Wrox Author
Points: 66,632, Level: 100
Points: 66,632, Level: 100 Points: 66,632, Level: 100 Points: 66,632, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 16,124
Thanks: 65
Thanked 1,386 Times in 1,366 Posts
Default

What exactly are you asking? When referring to authentication and authorization, you typically can't use one without the other.....

Imar
__________________
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Follow me on Twitter

Author of Beginning ASP.NET 4.5 : in C# and VB, Beginning ASP.NET Web Pages with WebMatrix
and Beginning ASP.NET 4 : in C# and VB.
Did this post help you? Click the button below this post to show your appreciation!
Reply With Quote
  #3 (permalink)  
Old June 24th, 2010, 08:39 AM
Registered User
 
Join Date: Jun 2010
Location: Kolkata
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Question Security

Many thanks Imar, actually I wanted to say, if I decide to use Membership or Role Providers beforehand, then are Authentication and Authorization neccessary in web.config?
I want to clarify it a little bit.
The different authentication modes are established through settings that can be applied to the application’s web.config file but the same effect can be made by using Membership or Role providers.

But, suppose, I beforehand used Membership and Role providers and later in my Administrator or Member's Page_Load event use code like this
Code:
if (User.IsAuthenticated)
{
//code goes here...
}
else
Server.Transfer(....);
In this way I can resist general users not to enter restricted pages without using Authentication or Authorization.
Now my question : Is it a good practice or I should always use Authentication or Authorization?


Reply With Quote
  #4 (permalink)  
Old June 24th, 2010, 08:56 AM
Imar's Avatar
Wrox Author
Points: 66,632, Level: 100
Points: 66,632, Level: 100 Points: 66,632, Level: 100 Points: 66,632, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 16,124
Thanks: 65
Thanked 1,386 Times in 1,366 Posts
Default

I am not sure what you mean with "using Authentication or Authorization". These are not technolgies, but concepts. You can implement authentication or authorization with the Membership and Role services. With these two services enabled you can write code similar to what you posted here. Personally, I would protect the entire page with URL Authorization rather than programmatically.

Cheers,

Imar
__________________
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Follow me on Twitter

Author of Beginning ASP.NET 4.5 : in C# and VB, Beginning ASP.NET Web Pages with WebMatrix
and Beginning ASP.NET 4 : in C# and VB.
Did this post help you? Click the button below this post to show your appreciation!
Reply With Quote
The Following User Says Thank You to Imar For This Useful Post:
sanjibsinha (June 25th, 2010)
  #5 (permalink)  
Old June 25th, 2010, 09:00 AM
Registered User
 
Join Date: Jun 2010
Location: Kolkata
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Thumbs up Security

I've just read the chapter of Security(Page 579) from your book "Beginning
ASP.NE T 4 in C# and VB".
To quote from your book :
"ASP.NET 4 ships with a number of application services, of which the most important ones are:
Membership: Enables you to manage and work with user accounts in your system.
Roles: Enables you to manage the roles that your users can be assigned to.
Profile: Enables you to store user-specific data in a back-end database."
Actually it was my fault in understanding. Anyway I got the answer. Many thanks Imar.
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
security problem asp net 2 amzar ASP.NET 2.0 Basics 1 August 4th, 2008 10:21 AM
PageWise security in asp.net balesh.mind ASP.NET 2.0 Professional 1 February 29th, 2008 12:37 PM
Security In Asp.net 2.0 mallikalapati ASP.NET 2.0 Professional 2 February 11th, 2008 09:15 AM
Integrating Security with ASP and ASP.NET thenoseknows ASP.NET 2.0 Professional 1 July 25th, 2007 05:11 PM
ASP.NET Security unclehughie Wrox Book Feedback 0 July 16th, 2003 03:45 PM



All times are GMT -4. The time now is 09:31 AM.


Powered by vBulletin® Version 3.7.0
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.