User authentication database in App_Data folder - is it not that dangerous?
We are planning to use ASP.NET standard user authentication for our application. However, by default this requires our user database to be present on our web server in the App_Data folder.
This is usually a big no-no for us - our databases are behind a firewall and all access is through the WCF service layer.
If the database was on a different server, but is directly accessible from a web server, then this is still against our normal architecture rules.
Should we be worried about our user database living on our web server? Does ASP.NET offer an out-of-the-box option?
NOTE. We are using .NET 3.5 and SQL Server 2005
source to share
You can install the required db tables etc. in any SQL Server database.
Use the aspnet_regsql.exe wizard found in C: \ WINDOWS \ Microsoft.NET \ Framework ....... to configure the target database.
Then just update the connection strings in the provider configurations in the web.config file.
source to share
Yes and Yes.
-
If you need to roam to multiple web servers, you should not have user data on one of those servers.
-
It takes a couple of times to do this, but check out this link for details on MSDN. How to use SQL Server Authentication in ASP.NET 2.0
source to share
you can create your own custom membership provider by overriding the methods and properties of the following abstract class: public abstract class MembershipProvider. After you override them, you can use any valid data source to authenticate the user. For example, you can use MYSQL, SQL server or even XML file to authorize your users. These vendor models are really cool.
source to share