I have a simple site with a simple db. I want the ability to have some sort of login system. There will be 2 types of user: Admins and Non-Admins.

How can I easily create a login system using my existing database? I have read around using membership providers and using the tool aspnet_regsql.exe but don't know too much.

I'm working in C# .NET 2.0.

any links/tutorials will be useful

thanks

+4  A: 

ASP.NET Security Tutorials
And More Security Tutorials

Nick
Yep, the Membership (http://www.asp.net/learn/security/#membership) and Roles (http://www.asp.net/learn/security/#roles) tutorials should get you going nicely.
Zhaph - Ben Duguid
A: 

You seem to be looking for Forms Authentication, which is part of ASP.NET. Hopefully, you are using a SQL Server or SQL Express database, in which case the aspnet_regsql tool will allow you to create a user table if you don't already have one. If you do have a user table or if you are not using a MS database, then you will need to write your own user membership provider. However, do not worry, it is not really difficult and there are tons of examples on the net.

To begin with, a link with a sample to implement Forms Authentication, which explains the controls to use on your pages: http://www.15seconds.com/Issue/020220.htm

Also, Microsoft has some examples of provider implementations: http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx. To search for more information, look for 'asp.net custom membership provider' in your favorite search engine.

ADB
A: 

I walked through the Microsoft C# Tutorial:

http://msdn.microsoft.com/en-us/library/879kf95c.aspx

If you run through the tutorial just email me if you get stuck.

djangofan
A: 

You should look into ASP.NET Forms Authentication.

However, if that is a bit heavy-handed, and you are dealing with a small, one-webserver site, I would recommend a simple traditional form login system implemented with good security practices in mind. Doing so is an excellent way to learn the various aspects of general web security, if you haven't already.

When a user authenticates, keep a reference to that user in their Session object as well as a timestamp so you can time users out accordingly.

  • Try to avoid sending credentials in the clear as much as possible.
  • Enforce session timeouts and block bulk login attempts.
  • Never ever store passwords as cleartext.
  • Use SHA hashes instead of MD5 hashes.
  • Use a salt in your hashes and keep the salt separated from credentials in the db.
  • Check timeouts and user credentials on every page. Having a base class for your pages facilitates this well.
  • Always, always use parameterized queries, especially on your login screen, as this is often the initial point of attack random miscreants will try to execute SQL injection on.

Good luck!

jscharf
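The salted-hash and parameterized-query points from the answer above, as an added C# .NET 2.0 example that is not jscharf's code. It assumes a SQL Server table `Users(UserName nvarchar, Salt varbinary, PasswordHash varbinary, IsAdmin bit)`, and it uses PBKDF2 via `Rfc2898DeriveBytes` (an HMAC-SHA1 construction that ships with .NET 2.0) in place of a single bare SHA pass, since a plain SHA hash is fast to brute-force even when salted.

```csharp
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

// Added example, not from the answer. Assumed schema:
// Users(UserName nvarchar, Salt varbinary, PasswordHash varbinary, IsAdmin bit).
public static class LoginHelper
{
    const int SaltSize = 16, HashSize = 32, Iterations = 10000;

    // Per-user salt from a CSPRNG; store it beside the hash, never derive it from the user name.
    public static byte[] NewSalt()
    {
        byte[] salt = new byte[SaltSize];
        new RNGCryptoServiceProvider().GetBytes(salt);
        return salt;
    }

    // PBKDF2-HMAC-SHA1: salted and deliberately slow, unlike one SHA pass over the password.
    public static byte[] HashPassword(string password, byte[] salt)
    {
        using (Rfc2898DeriveBytes kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
            return kdf.GetBytes(HashSize);
    }

    // Compare every byte so the time taken does not reveal where the two hashes diverge.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // The user name only ever travels as a parameter, so it cannot alter the SQL text.
    public static bool Verify(SqlConnection conn, string userName, string password, out bool isAdmin)
    {
        isAdmin = false;
        using (SqlCommand cmd = new SqlCommand(
            "SELECT Salt, PasswordHash, IsAdmin FROM Users WHERE UserName = @u", conn))
        {
            cmd.Parameters.Add("@u", SqlDbType.NVarChar, 64).Value = userName;
            using (SqlDataReader r = cmd.ExecuteReader())
            {
                if (!r.Read()) return false;  // unknown user fails the same way as a wrong password
                byte[] computed = HashPassword(password, (byte[])r["Salt"]);
                if (!FixedTimeEquals((byte[])r["PasswordHash"], computed)) return false;
                isAdmin = (bool)r["IsAdmin"];
                return true;
            }
        }
    }
}
```

On registration call `NewSalt()` once, store the salt and `HashPassword(password, salt)`, and on login store only the returned user reference plus a timestamp in Session, as the answer suggests.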
A: 

I had a similar project and had to set up a site where I had an administrator page and a user page. I googled around and found a few gems that helped me through it.

Web Site Administration tool

Create your own Web Site Administration tool

4 Guys from Rolla (the first link) probably has a tutorial to get you started on using the membership provider. Once you understand how to use that, you can move on to how to be able to specify which type of user goes to which pages upon login.

Jeff