views:

38

answers:

2

I hesitate to make a decision about the authentication and authorization in a new web application.

The Membership, Roles and Profile built in Asp.net 2.0 seems impressive, but there are too many things behind them, which is uneasy to find out.

I've decide use my own DB structure so I have to rewrite my own provider, but there is still some thing I can't figure out, such as session and cookie.What, when and how does it encrypt and after retrieving user info from DB, seems cookie is uesed but how about session? I make use of MSDN, .Net Reflactor and Goole but get no answer. I mean I know the configuration and result but not sure how.

I don't think I can do a good job in the later improvement and maintenance if I don't know how the things process behind the Login controls and membership components.

So help me please, what should I do? I want to know how things run behind the screen. Any suggestion is looking forward!

A: 

You should use .NET Reflector to find out how the .NET code works. You can also actually single-step into the sources in later versions of Visual Studio.

John Saunders
I'm very interested in the "single-step into the sources", it's huge usful! but I don't know how to implement it, would you like to give me some reference?
freeflying
[How to: Debug .NET Framework Source](http://msdn.microsoft.com/en-us/library/cc667410.aspx)
John Saunders
A: 

You can download the source code for the providers here. Learn as much as you want from it and see how Microsoft implemented it. You might even want to recycle some pieces on the FormsAuthenticationTicket.

Microsoft's also using salted hashing to store the passwords for increased security. That might also be of interest to you when you make your own providers.

XIII
I don't know how to express my appreciation! It's just what I want, thanks very much
freeflying
I'm sorry but the provider.msi I downloaded do nothing after installing. I mean I can't find the "install result" at the dedicated file path, why? and I find the whole install file just 175kB, it's big enough?
freeflying
The source code is installed in the c:\Program Files\ASP.NET Provider Toolkit SQL Samples\ directory.The directory is default and non-changed but show as able to custom.I think it's a bug make many guys crazy.
freeflying