View Single Post
 
Old April 23rd, 2008, 05:13 AM
robzyc robzyc is offline
Friend of Wrox
 
Join Date: Mar 2007
Location: Hampshire, United Kingdom.
Posts: 432
Thanks: 0
Thanked 1 Time in 1 Post
Default ASP.NET Authorisation / Authentication

Hi Guys,

Well the time has finally arrived and I have begun working on my first ever ASP.NET project! :)

My first question is about authorisation and authentication...

My project is to migrate an ASP Classic system to .NET.

The current system contains a login form (suprise!) which submits the username/pass to a DB on our servers to see if the user and pass are correct. It then returns the users ID if found.

Pages are then rendered according to roles/permissions. Which are also stored on our database. If the logged in user has the permission to view a page, then it renders the page content, otherwise is presents an error and pings them back to the previous page.

So, the question(s) are:
  • What is considered "best practice" for authentication?
  • How might you suggest working with the roles/permissions?

I obviously want to make a good impression with it being my first web project and all, and I know I have a lot to learn, so I thought I had best get on here because I know a lot of you guys really kick ass! :)

I understand that these are quite "open" questions, I am not looking for code (unless maybe the odd snippet) but more suggestions/pointers on things I should research..

Thanks guys, I appreciate it.

Rob
http://robzyc.spaces.live.com
__________________
Rob
http://cantgrokwontgrok.blogspot.com