Login systems in asp.net: an article I wrote

[quasi-modo]

http://www.webreference.com/programming/asp/quasi/index.html
Yes the code is very basic, but its a question I get a lot on http://forums.webdeveloper.com so I wrote an article sent it in and now its published. Hopefully if it gets good traffic they will ask me to come back and write more; when they ask you to write, rather then sending it in voluntarily you get $.

[Adron]

Can you with ASP.NET do authentication that looks like it was integrated, i.e. programmatically validate passwords submitted through HTTP authentication?

[MyndFyre]

Can you with ASP.NET do authentication that looks like it was integrated, i.e. programmatically validate passwords submitted through HTTP authentication?

I'm not sure I understand what you mean; Windows NTLM authentication can be transparent.  In fact, ASP.NET shipped with three transparent forms of authentication: NTLM, .NET Passport, and Forms (you provide some custom security on Web Forms).

[Adron]

What I mean is to make a browser pop up the standard login window that appears on an "authorization required" response from the server. Then receive the username and password (which doesn't exist as a system user) and look them up in your own database table, kind of like what Apache can do with .htaccess and .htpasswd?

[quasi-modo]

No, there is no htaccess. But you can do this with asp.net. I am actually working on a cms for a local church and making an https login and it prompts the user like this.

[Adron]

No, there is no htaccess. But you can do this with asp.net. I am actually working on a cms for a local church and making an https login and it prompts the user like this.

And you're using the native http authentication, not a form or a scripted input box?

[Kp]

Windows NTLM authentication can be transparent.

Minor point here: it tends not to be (at least in the sense that it works smoothly the first time ).  We ([vL]) went to a great deal of trouble to get secure logins working with Asgard again because NTLM does not automatically work properly with browsers that are not IE.  This tended to cause problems for members who don't use Windows for web browsing...

[quasi-modo]

And you're using the native http authentication, not a form or a scripted input box?

I could really do it either way. I am going to use the http authentication, but If I wanted to I could use a form.  NTFS permissions will be set to require users be logged into the domain on the login page. Basic authentication will be used (with SSL to ensure security).

[Adron]

I could really do it either way. I am going to use the http authentication, but If I wanted to I could use a form.  NTFS permissions will be set to require users be logged into the domain on the login page. Basic authentication will be used (with SSL to ensure security).

That's not what I'm after. One example of what I might want to do is have a near-infinite number of accounts available by having a password calculated from the account name. Without adding all those accounts to the user database in windows. And using http authentication.

[quasi-modo]

well, like I said before there is no htaccess on iis. It would be a pain to have a large number of accounts actually on the server as apposed to just being in a data base, seems like it could get very nasty very fast. But just my thoughts.

[Adron]

well, like I said before there is no htaccess on iis. It would be a pain to have a large number of accounts actually on the server as apposed to just being in a data base, seems like it could get very nasty very fast. But just my thoughts.

Yes, it would. The ability to have the users in a database while still using http authentication is what I'm asking for

[quasi-modo]

well yea you can do that. Thats essentially what I am going to be doing.