• Welcome to Valhalla Legends Archive.
 

Login systems in asp.net: an article I wrote

Started by quasi-modo, March 04, 2004, 05:05 PM

Previous topic - Next topic

quasi-modo

http://www.webreference.com/programming/asp/quasi/index.html
Yes the code is very basic, but its a question I get a lot on http://forums.webdeveloper.com so I wrote an article sent it in and now its published. Hopefully if it gets good traffic they will ask me to come back and write more; when they ask you to write, rather then sending it in voluntarily you get $.
WAR EAGLE!
Quote(00:04:08) zdv17: yeah i quit doing that stuff cause it jacked up the power bill too much
(00:04:19) nick is a turtle: Right now im not paying the power bill though
(00:04:33) nick is a turtle: if i had to pay the electric bill
(00:04:47) nick is a turtle: id hibernate when i go to class
(00:04:57) nick is a turtle: or at least when i go to sleep
(00:08:50) zdv17: hibernating in class is cool.. esp. when you leave a drool puddle

Adron

Can you with ASP.NET do authentication that looks like it was integrated, i.e. programmatically validate passwords submitted through HTTP authentication?

MyndFyre

Quote from: Adron on March 04, 2004, 05:51 PM
Can you with ASP.NET do authentication that looks like it was integrated, i.e. programmatically validate passwords submitted through HTTP authentication?

I'm not sure I understand what you mean; Windows NTLM authentication can be transparent.  In fact, ASP.NET shipped with three transparent forms of authentication: NTLM, .NET Passport, and Forms (you provide some custom security on Web Forms).
QuoteEvery generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

Adron

What I mean is to make a browser pop up the standard login window that appears on an "authorization required" response from the server. Then receive the username and password (which doesn't exist as a system user) and look them up in your own database table, kind of like what Apache can do with .htaccess and .htpasswd?

quasi-modo

No, there is no htaccess. But you can do this with asp.net. I am actually working on a cms for a local church and making an https login and it prompts the user like this.
WAR EAGLE!
Quote(00:04:08) zdv17: yeah i quit doing that stuff cause it jacked up the power bill too much
(00:04:19) nick is a turtle: Right now im not paying the power bill though
(00:04:33) nick is a turtle: if i had to pay the electric bill
(00:04:47) nick is a turtle: id hibernate when i go to class
(00:04:57) nick is a turtle: or at least when i go to sleep
(00:08:50) zdv17: hibernating in class is cool.. esp. when you leave a drool puddle

Adron

Quote from: peofeoknight on March 04, 2004, 10:52 PM
No, there is no htaccess. But you can do this with asp.net. I am actually working on a cms for a local church and making an https login and it prompts the user like this.

And you're using the native http authentication, not a form or a scripted input box?

Kp

Quote from: Myndfyre on March 04, 2004, 07:54 PMWindows NTLM authentication can be transparent.

Minor point here: it tends not to be (at least in the sense that it works smoothly the first time :)).  We ([vL]) went to a great deal of trouble to get secure logins working with Asgard again because NTLM does not automatically work properly with browsers that are not IE.  This tended to cause problems for members who don't use Windows for web browsing... :P
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!

quasi-modo

#7
Quote from: Adron on March 05, 2004, 11:51 AM


And you're using the native http authentication, not a form or a scripted input box?
I could really do it either way. I am going to use the http authentication, but If I wanted to I could use a form.  NTFS permissions will be set to require users be logged into the domain on the login page. Basic authentication will be used (with SSL to ensure security).
WAR EAGLE!
Quote(00:04:08) zdv17: yeah i quit doing that stuff cause it jacked up the power bill too much
(00:04:19) nick is a turtle: Right now im not paying the power bill though
(00:04:33) nick is a turtle: if i had to pay the electric bill
(00:04:47) nick is a turtle: id hibernate when i go to class
(00:04:57) nick is a turtle: or at least when i go to sleep
(00:08:50) zdv17: hibernating in class is cool.. esp. when you leave a drool puddle

Adron

Quote from: peofeoknight on March 05, 2004, 04:52 PM
I could really do it either way. I am going to use the http authentication, but If I wanted to I could use a form.  NTFS permissions will be set to require users be logged into the domain on the login page. Basic authentication will be used (with SSL to ensure security).

That's not what I'm after. One example of what I might want to do is have a near-infinite number of accounts available by having a password calculated from the account name. Without adding all those accounts to the user database in windows. And using http authentication.

quasi-modo

well, like I said before there is no htaccess on iis. It would be a pain to have a large number of accounts actually on the server as apposed to just being in a data base, seems like it could get very nasty very fast. But just my thoughts.
WAR EAGLE!
Quote(00:04:08) zdv17: yeah i quit doing that stuff cause it jacked up the power bill too much
(00:04:19) nick is a turtle: Right now im not paying the power bill though
(00:04:33) nick is a turtle: if i had to pay the electric bill
(00:04:47) nick is a turtle: id hibernate when i go to class
(00:04:57) nick is a turtle: or at least when i go to sleep
(00:08:50) zdv17: hibernating in class is cool.. esp. when you leave a drool puddle

Adron

Quote from: peofeoknight on March 06, 2004, 07:25 PM
well, like I said before there is no htaccess on iis. It would be a pain to have a large number of accounts actually on the server as apposed to just being in a data base, seems like it could get very nasty very fast. But just my thoughts.

Yes, it would. The ability to have the users in a database while still using http authentication is what I'm asking for :)

quasi-modo

well yea you can do that. Thats essentially what I am going to be doing.
WAR EAGLE!
Quote(00:04:08) zdv17: yeah i quit doing that stuff cause it jacked up the power bill too much
(00:04:19) nick is a turtle: Right now im not paying the power bill though
(00:04:33) nick is a turtle: if i had to pay the electric bill
(00:04:47) nick is a turtle: id hibernate when i go to class
(00:04:57) nick is a turtle: or at least when i go to sleep
(00:08:50) zdv17: hibernating in class is cool.. esp. when you leave a drool puddle