Wrox Programmer Forums
|
BOOK: Beginning ASP.NET Security
This is the forum to discuss the Wrox book Beginning ASP.NET Security by Barry Dorrans; ISBN: 978-0-470-74365-2
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: Beginning ASP.NET Security section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old June 17th, 2010, 07:35 AM
Registered User
 
Join Date: Jun 2010
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Default Security in ASP.NET

Security is a very wide reaching term. With Membership and Roles Provider it can be tackled to some extent. But Authenticataion and Authorization also plays a vital Role. Which one is prefrred and why?
 
Old June 23rd, 2010, 02:38 AM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

What exactly are you asking? When referring to authentication and authorization, you typically can't use one without the other.....

Imar
__________________
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Follow me on Twitter

Author of Beginning ASP.NET 4.5 : in C# and VB, Beginning ASP.NET Web Pages with WebMatrix
and Beginning ASP.NET 4 : in C# and VB.
Did this post help you? Click the button below this post to show your appreciation!
 
Old June 24th, 2010, 08:39 AM
Registered User
 
Join Date: Jun 2010
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Question Security

Many thanks Imar, actually I wanted to say, if I decide to use Membership or Role Providers beforehand, then are Authentication and Authorization neccessary in web.config?
I want to clarify it a little bit.
The different authentication modes are established through settings that can be applied to the application’s web.config file but the same effect can be made by using Membership or Role providers.

But, suppose, I beforehand used Membership and Role providers and later in my Administrator or Member's Page_Load event use code like this
Code:
if (User.IsAuthenticated)
{
//code goes here...
}
else
Server.Transfer(....);
In this way I can resist general users not to enter restricted pages without using Authentication or Authorization.
Now my question : Is it a good practice or I should always use Authentication or Authorization?


 
Old June 24th, 2010, 08:56 AM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

I am not sure what you mean with "using Authentication or Authorization". These are not technolgies, but concepts. You can implement authentication or authorization with the Membership and Role services. With these two services enabled you can write code similar to what you posted here. Personally, I would protect the entire page with URL Authorization rather than programmatically.

Cheers,

Imar
__________________
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Follow me on Twitter

Author of Beginning ASP.NET 4.5 : in C# and VB, Beginning ASP.NET Web Pages with WebMatrix
and Beginning ASP.NET 4 : in C# and VB.
Did this post help you? Click the button below this post to show your appreciation!
The Following User Says Thank You to Imar For This Useful Post:
sanjibsinha (June 25th, 2010)
 
Old June 25th, 2010, 09:00 AM
Registered User
 
Join Date: Jun 2010
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Thumbs up Security

I've just read the chapter of Security(Page 579) from your book "Beginning
ASP.NE T 4 in C# and VB".
To quote from your book :
"ASP.NET 4 ships with a number of application services, of which the most important ones are:
Membership: Enables you to manage and work with user accounts in your system.
Roles: Enables you to manage the roles that your users can be assigned to.
Profile: Enables you to store user-specific data in a back-end database."
Actually it was my fault in understanding. Anyway I got the answer. Many thanks Imar.





Similar Threads
Thread Thread Starter Forum Replies Last Post
security problem asp net 2 amzar ASP.NET 2.0 Basics 1 August 4th, 2008 10:21 AM
PageWise security in asp.net balesh.mind ASP.NET 2.0 Professional 1 February 29th, 2008 01:37 PM
Security In Asp.net 2.0 mallikalapati ASP.NET 2.0 Professional 2 February 11th, 2008 10:15 AM
Integrating Security with ASP and ASP.NET thenoseknows ASP.NET 2.0 Professional 1 July 25th, 2007 05:11 PM
ASP.NET Security unclehughie Wrox Book Feedback 0 July 16th, 2003 03:45 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.