.Net Security - How to implement?

Dr_Evil · 14 May 2007 at 10:34

Hi all,

i need to implement security on a webapp i've built in .Net 2.0. We need loads of users and about 5 different user-types. Depending on the user-type, certain features need to be enabled/disabled per page.

I need an easy and flexible way of using this model, with minimal additional code per page. Also it needs to be very secure. It will run on a webserver with an SSL certificate installed.

just need some advise on how to do this.

pinkaardvark · 14 May 2007 at 10:38

if intranet the use windows domain policy, esle stick with passwords and hashes. .NET 2.0 provides all the controls, just need to wire em up. I'm sure there's plenty of samples if you look at the login control documentation in msdn.

akakjs · 14 May 2007 at 19:42

Have a look at ASP.NET membership I'd suggest looking at using the SqlMembershipProvider for the user management, and SqlRoleProvider for your security permissions.

It should get you started and is very tweakable (your can write your own membership & role providers).

akakjs

pinkaardvark · 14 May 2007 at 21:18

Yep and if you do follow the above asp.net 2.0 route suggested above have a look here for some excellent templates that will provide all the code you need.

http://msdn.microsoft.com/vstudio/express/vwd/starterkit/

also some vid webcasts to give you an intro as well as supporting docs.

Dr_Evil · 15 May 2007 at 17:20

thanks guys - .Net 2.0 Role/Membership Provider is exactly what I needed!