I'm creating an ASP.NET app with just some lite data access from XML files. However, I need to be able to authenticate administrative users (via forms) to manage that data. I don't want to stand up a SQL DB just for authentication purposes. I'd like to use XML, but I'm not sure about security with that. Any suggestions? Custom role provider? MyOpenID?
Forms Authentication and store the membership in the web.config.
Ideally, this information should be encrypted or hashed in some fashion. User management is easier and more scalable with the db, but MS allows you to store in the web.config and probably other providers.
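As an added illustration of the "hashed in some fashion" point (not code from the answer or from ASP.NET itself), this sketch keeps admin credentials in an XML store as salted PBKDF2 hashes and verifies a login against them. The `<users>`/`<user>` layout, the attribute names, the class name and the iteration count are assumptions, and it assumes .NET Framework 4.7.2 or later for the SHA-256 overload of `Rfc2898DeriveBytes`.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Xml.Linq;

// Added example: salted PBKDF2 password records in an XML user store.
// Element/attribute names and parameters are assumptions, not a framework schema.
public static class XmlUserStore
{
    const int Iterations = 100000, SaltBytes = 16, HashBytes = 32;

    static byte[] Derive(string password, byte[] salt, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    // Builds <user name iter salt hash/>; the password itself is never stored.
    public static XElement CreateUser(string name, string password)
    {
        var salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        return new XElement("user",
            new XAttribute("name", name),
            new XAttribute("iter", Iterations),
            new XAttribute("salt", Convert.ToBase64String(salt)),
            new XAttribute("hash", Convert.ToBase64String(Derive(password, salt, Iterations))));
    }

    public static bool Verify(XElement users, string name, string password)
    {
        var u = users.Elements("user").FirstOrDefault(e => (string)e.Attribute("name") == name);
        if (u == null)
        {
            // Do the same work for unknown names so response time does not reveal valid users.
            Derive(password, new byte[SaltBytes], Iterations);
            return false;
        }
        var expected = Convert.FromBase64String((string)u.Attribute("hash"));
        var actual = Derive(password, Convert.FromBase64String((string)u.Attribute("salt")), (int)u.Attribute("iter"));
        // Compare every byte so timing does not reveal where the hashes differ.
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length && i < actual.Length; i++) diff |= expected[i] ^ actual[i];
        return diff == 0;
    }

    public static void Main()
    {
        // Constructed sample account; in an app the element would be saved to and loaded from the XML file.
        var users = new XElement("users", CreateUser("admin", "constructed-sample-password"));
        Console.WriteLine(users);
        Console.WriteLine(Verify(users, "admin", "constructed-sample-password"));
        Console.WriteLine(Verify(users, "admin", "wrong-password"));
    }
}
```

Keeping the file under `App_Data`, which ASP.NET does not serve to clients, limits exposure of the file itself; the per-user salt and iteration count slow offline guessing if the file is copied anyway.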
I agree with StingyJack, but when you set up the Forms Authentication ensure you use some form of encryption. Even if you own the servers, you'll want this... What if someone figures out how to download your XML files?
Here are some encryption options:
- http://www.codeproject.com/KB/security/SimpleEncryption.aspx
- http://www.codeproject.com/KB/security/encryption_decryption.aspx
Now, if you want to stay away from using XML files to store your user authentication information, you could look at SQLite. It's a very light database -- much lighter than SQL Server (express or otherwise) and it is easy to implement. Below is a link to .NET libraries.