I am trying to implement the simplest shared 'files' folder for a website but wish to have a 'reasonable' level of access control, i.e. no casual multimegabyte uploads from passing hoi-polloi.

Users are given a password etc. They then log in; once credentials are successfully checked, they are given one of two possible access rights: read-only (RO) or read-write (RW) access to the files. 'Write' in this context means they can upload files.

User management/registration/password reminders can all be handled manually - no code required at this point.

What is the best way to do this:

  1. Write a secret in the session variables?
  2. Store some kind of time-limited session key as a local cookie?
  3. Check the local database for some kind of session key?
  4. (heading for the too complex) use pukka .NET authentication mechanisms

Any constructive suggestions welcomed. I'd be especially delighted if someone could point me to a good example of the breed that was C#/ASP.NET based.

Many thanks

Jerry.

+8  A: 

I see no reason to reinvent the wheel when there are built-in authentication mechanisms within ASP.NET. The easiest thing to implement would be ASP.NET forms authentication.

Here is a writeup on it: http://www.15seconds.com/Issue/020220.htm

You can map permissions for directories in the web.config and you can even store users and passwords here as well if you choose to go that route. That would be the easiest to get off the ground quickly, although not all that flexible or future-proof.

Then you have ASP.NET Membership. This is an ASP.NET 2.0 feature which uses a provider model to provide membership features. There is a SqlMembershipProvider which provides all the plumbing you need to store membership information in a SQL Server database (there are scripts to automatically create the tables, sprocs etc. as well).

More info here:

http://msdn.microsoft.com/en-us/library/ms998347.aspx

http://aspnet.4guysfromrolla.com/articles/102208-1.aspx

This is a bit more complex, but also much more robust.

Jim Petkus
Hello Jim. Thanks. ASP.NET membership may be over-specified for this but I do like the idea. I will investigate. Jerry.
G Forty
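The web.config route described in the answer above, sketched for the question's RO/RW split. This is an added example, not code from either poster; the user names `reader1` and `writer1`, the `files` folder, `Login.aspx` and `files/Upload.aspx` are assumptions, and the password values are placeholders.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- requireSSL keeps the ticket cookie off plain HTTP;
           protection="All" encrypts and MACs the ticket. -->
      <forms loginUrl="~/Login.aspx" timeout="30" slidingExpiration="true"
             requireSSL="true" protection="All">
        <!-- Users kept in web.config and checked with
             FormsAuthentication.Authenticate(). SHA1 here is unsalted,
             so the Membership provider is the stronger option. -->
        <credentials passwordFormat="SHA1">
          <user name="reader1" password="PLACEHOLDER_SHA1_HEX" />
          <user name="writer1" password="PLACEHOLDER_SHA1_HEX" />
        </credentials>
      </forms>
    </authentication>
    <!-- Cap request (upload) size; the value is in KB. -->
    <httpRuntime maxRequestLength="4096" />
  </system.web>

  <!-- RO: any authenticated user may reach the folder. -->
  <location path="files">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

  <!-- RW: only named users may reach the upload page. Rules are
       evaluated top-down, so the allow must precede the deny. -->
  <location path="files/Upload.aspx">
    <system.web>
      <authorization>
        <allow users="writer1" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

URL authorization only covers requests that ASP.NET handles. On IIS 6 or classic pipeline mode, static files in the folder are served by IIS directly unless their extensions are mapped to ASP.NET or downloads go through a handler page.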
+1  A: 

Easiest example:

http://www.asp101.com/samples/login_aspx.asp

Graphain
Nice. That wins the brevity contest :)
G Forty