|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Custom AuthenticationI am implementing some custom authentication for an intranet app I am
building for my company. It is all done and working but I was wondering if anyone knows if there are any downsides in terms of speed and scalability in making your own authentication. Obviously if it is badly coded you will have perfomance issues but if anyone knows of any common pitfalls or any information they can share on the matter it will be greatly appreciated. Can you explain more about your custom authentication?
Do you mean username and password? or something else? Shaun Show quoteHide quote "SirPyros" wrote: > I am implementing some custom authentication for an intranet app I am > building for my company. It is all done and working but I was wondering > if anyone knows if there are any downsides in terms of speed and > scalability in making your own authentication. Obviously if it is badly > coded you will have perfomance issues but if anyone knows of any common > pitfalls or any information they can share on the matter it will be > greatly appreciated. > > its an ihttp module which handles the authenticaterequest event. It's
similar to forms authentication, but I added better role checking, and the permissions don't have to be in the web.config, I populate a class with all of my page permissions and load it into application variable. Then when user tries to go to a page it sees if page is restricted , if it is it checks if user is authenticated and then checks if the user belongs to a role that can access this page. It sounds similar to what we do where I get the users permissions from the
database and is also similar to the samples presented by IBuySpy and dotnetnuke we build the permissions and then use the IsInRole method of a class whose name escapes me at the moment Show quoteHide quote "SirPyros" <SirPy***@hotmail.com> wrote in message news:1112824872.518367.69180@f14g2000cwb.googlegroups.com... > its an ihttp module which handles the authenticaterequest event. It's > similar to forms authentication, but I added better role checking, and > the permissions don't have to be in the web.config, I populate a class > with all of my page permissions and load it into application variable. > Then when user tries to go to a page it sees if page is restricted , if > it is it checks if user is authenticated and then checks if the user > belongs to a role that can access this page. > 
Other interesting topics
Difference between VS2003 / VS20005 causes CRYPTO BAD DATA excepti
Cannot Run Application on Windows Server 2003 Cannot run program from network drive Changing folder security RE: Designtime licenses, I just don't get it User's Privileges ?cannot be instantiated under a partially trusted security policy (AllowPartiallyTrustedCallersAttri Forms authentication to enter a static website Windows Authentication Change in ASP.Net authentication between Win2000 and Win2003 |
|||||||||||||||||||||||
