Authentication System for ASP.NET Web Applications?

I have a question:

How do I create a role-based web application? For example, forum sites have many types of users: administrator, moderator, etc. Are the roles of these user types stored in the database or in web.config? And when a user visits our site, how do you manage these user roles? In short, I want to learn about authorization and authentication.

Thanks.

0
authentication authorization asp.net




3 answers


@Mavera:

Basically, it's the concept of having your own user table in your own database where you can manage permissions and store login details (hash properly, of course). In the case of a tiered permission scheme, I usually use two or more tables, for example:

TblUsers:
------------------------------------------------------------------
| UserID (PK) | UserName  | HashedPassword | PermissionLevel (FK) |
|-------------|-----------|----------------|----------------------|
|      1      | BobTables | adfafs2312     |          2           |
------------------------------------------------------------------

TblPermissions:
--------------------------------------
| PermissionID (PK) | Description    |
|-------------------|----------------|
|         1         | User           |
|         2         | SuperUser      |
|         3         | Admin          |
--------------------------------------

      

You can add a third table that contains a one-to-many relationship between TblPermissions, which provides the actual capabilities that the user may be allowed to do.



The user's request would be as simple as:

-- Look up one user's name and role description; @UserID is a bound parameter.
SELECT TblUsers.UserName, TblPermissions.Description
    FROM TblUsers, TblPermissions
    WHERE TblUsers.UserID = @UserID
    AND TblUsers.PermissionLevel = TblPermissions.PermissionID;

      

Create your own class to encapsulate this information and store it in your ASP.NET session at login.

0


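A sketch of the login step the answer above describes, added here as an example and not code from the answer: look the user up in TblUsers with a parameterized query, verify the stored hash, and build the object that goes into the session. The names SiteUser and LoginService, the PBKDF2 storage format for HashedPassword, and the int/nvarchar column types are assumptions.

```csharp
using System;
using System.Data.SqlClient;
using System.Security.Cryptography;

[Serializable]                      // allows out-of-process session state
public sealed class SiteUser        // hypothetical class name
{
    public int UserId;
    public string UserName;
    public int PermissionLevel;     // TblPermissions.PermissionID
    public string Role;             // TblPermissions.Description
}

public static class LoginService    // hypothetical helper
{
    // Assumed HashedPassword format: "iterations:base64(salt):base64(PBKDF2-SHA256 hash)"
    public static bool VerifyPassword(string password, string stored)
    {
        string[] parts = stored.Split(':');
        if (parts.Length != 3) return false;
        byte[] salt = Convert.FromBase64String(parts[1]);
        byte[] expected = Convert.FromBase64String(parts[2]);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, int.Parse(parts[0]),
                                                HashAlgorithmName.SHA256))
        {
            byte[] actual = kdf.GetBytes(expected.Length);
            int diff = 0;           // compare every byte so timing does not leak a prefix match
            for (int i = 0; i < expected.Length; i++) diff |= actual[i] ^ expected[i];
            return diff == 0;
        }
    }

    // Returns null for an unknown user or a wrong password, without saying which.
    public static SiteUser Authenticate(SqlConnection conn, string userName, string password)
    {
        const string sql =
            @"SELECT u.UserID, u.UserName, u.HashedPassword, u.PermissionLevel, p.Description
              FROM TblUsers u JOIN TblPermissions p ON u.PermissionLevel = p.PermissionID
              WHERE u.UserName = @UserName";
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.AddWithValue("@UserName", userName);   // bound, never concatenated
            using (SqlDataReader r = cmd.ExecuteReader())
            {
                if (!r.Read() || !VerifyPassword(password, r.GetString(2))) return null;
                return new SiteUser { UserId = r.GetInt32(0), UserName = r.GetString(1),
                                      PermissionLevel = r.GetInt32(3), Role = r.GetString(4) };
            }
        }
    }
}
// In the login page, after a non-null result: Session["User"] = user;
```

Pages that need a role then read the object back from Session and check PermissionLevel or Role on the server for every request, since the session copy is the only trusted source of the user's role.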


Check out these articles and videos:



  • Membership introduction
  • Role-Based Authorization Management
  • Create App Services Database for SQL Server
  • Exploring ASP.NET 2.0 Membership, Roles, and Profile
  • Membership and Role Providers in ASP.NET 2.0 (Tutorial)
  • ASP.NET Secure Video
+8




I found that built-in authorization schemes are great for simple situations where you only need to authenticate who can log in and who can leave, but not suitable for special situations like having special admin accounts, etc.

In these situations, I have created my own authentication scheme.

0

