View Single Post
 
Old April 24th, 2008, 02:13 AM
robzyc robzyc is offline
Friend of Wrox
 
Join Date: Mar 2007
Location: Hampshire, United Kingdom.
Posts: 432
Thanks: 0
Thanked 1 Time in 1 Post
Default

Hey Peter,

Thanks for the reply. I have of course been doing more digging. I dont think using the ASP.NET membership services will be an option, since my manager is really not keen to drop anything we already have in place (I have no idea if thats a good or bad thing at this stage, since I am kinda feeling in the dark). My current plans are to use the existing Login controls to basically capture the Authenticate event, and then pass the info on to the Authentication BLL layer that I am currently working on (which simply queries the DB, and throws exception based on Login Failed, DBError, whatever).

One question though, whats the security like on this? Is the password sent as plain text when the "Log In" button is clicked? I am just keen to know what security considerations I should have when using these controls, or even just authentication in general?

Can you also offer any useful links on implementing user management? Obviously you have said the existing controls can be moulded to work with existing infrastructure (similar to Login) I am assuming the same is possible?

Again, many thanks for the help and support, it really is appreciated! In time I will not be such a n00b and can hopefully take some of the burden off of your guys shoulders!

Rob
http://robzyc.spaces.live.com