tags:

views:

65

answers:

4

I need to secure my website without using the ASP.NET built in login controls or the Forms Authentication.
Its need to support "normal" users and admin users.

Any suggestion? Thanks

A: 

Umm, a quick response is for you to checkout Authentication features provided by IIS. These include Kerbros, NTLM, Basic Auth, just to name a few.

JD
Any way to do this without messing with IIS?
Adir
Keberos, NTLM, Basic Auth all are non-IIS approaches.
rlb.usa
+5  A: 

Well, it's impossible to build anything in ASP.NET without a tag = )

I can't tell exactly what you are asking, so I will try to go over the whole groundwork.

ASP.NET Provides Different Authentication Models

  • You can use ASP.NET's built in authentication with Membership and Roles
  • You can write your own ASP.NET membership model
  • You can use another ASP.NET authentication model, such as Shibboleth, Windows/IIS, and others, see JD's post.
  • You can skip all of these and use your own "authentication", perhaps it is stored as a simple Session variable

ASP.NET Provides Different Controls

  • There is a handly Login control that integrated with ASP.NET's built in membership making things very easy.
  • If you don't want to use that, you can simply use ASP TextBoxes, Buttons, etc, and basically create your own login form.
rlb.usa
+1  A: 

In adition to JD's and rlb.usa's posts you can also use opemid or windowslive id authentication perhaps. both of these have membership providers for asp.net. Checkout Codeplex for those; however if you want a truly customazieable solution perhaps its best for you as rlb.usa pointed out a simple session variable solution.

Sevki
+1  A: 

Perhaps you want to use Windows Authentication (rather than Forms Authentication) with ASP.NET? You should choose Windows authentication if your user accounts are maintained by a domain controller or within Active Directory and there are no firewall issues. I think this is what you are after. Here's a decent write up.

Ben Griswold