0

when developing a login page i'm using the following method

 protected void btnLogin_Click(object sender, EventArgs e)
        {
            if (Validateuser())
            {
                GetUserRoles();
                Response.Redirect("Default.aspx");
                lblMsg.Text = string.Empty;
            }
            else
            {
                lblMsg.Text = "Invalid User!";
            }
        }

just check if the user is valid.if valid redirect to a page else display a message.so why we have to use asp.net authentication types? i've heard about windows,forms and passport authentication types.why we have to use them over the above method and whats the advantage of it.if possible please provide me some sample applications

Improve this question

2 Answers 2

Reset to default
2

The basic idea is that rather than you rolling your own security for a website, you should use established, generally accepted techniques and libraries. This allows you to take advantage of the work of security experts who would have been involved in the design and implementation of such authentication & authorization systems. Additionally, there will be a number of features that are already or will be available over time (e.g. support for Active Directory / LDAP, organizational units (OU)). You can take advantage of all of that will modifications to your code, rather than having to implement those features when your users demand them.

Over and above all this, publicly available implementations get used and penetration tested by a wide audience which will report bugs and weaknesses. These will typically get fixed quickly and patches will be issued on a regular basis.

You can read this article from 4GuysFromRolla.com that will give you a good understanding of ASP.NET security options.

One thing to keep in mind - Passport authentication is no longer available to the general public. It's for user by Microsoft only.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

The code you shown is an old way of doing authentication. What if the user types the url of default.aspx directly ? How would you protect that ?

You need to learn latest ASP.NET 2.0 authentication basics:

http://www.eggheadcafe.com/tutorials/aspnet/009e2e5e-5a44-4050-8233-59a0d69844e8/basics-forms-authentication-in-aspnet-20.aspx

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.