I am planning to create a component that will be able to check user's credentials (username and password) and, if they are valid, return associated profiles. I don't want to use the providers that already exist in the .Net framework (I am trying to exercise my development skills ). Is there any pattern I can use? Or standards?
+2
A:
The providers that .Net supply are all derrived from System.Web.Security.MembershipProvider.
The best pattern you could follow is to write your own class that derives from Membership provider. That way you can write your own Authentication mechanism without having to worry about the security plumbing involved with checking authentication for every request.
matt_dev
2009-03-26 00:37:22
+1
A:
The membership providers are really nice, and you can definitely exercise your dev skills even if you use them. But you'd be developing something other than a user auth/profile service!.
If you truly want to roll it yourself, you need a store for the username and password hash. When users register, have them type in the password and then hash it. Store the username and password hash in whatever store you choose. Then, when a user logs in, you hash the pw they provide and check it against the stored hash.
For the simplest cases you could just use an XML file with a list of elements, one element per user, and you can use XmlSerialization to slurp it in and save it.
<UserDB>
<user>
<name>Obsidian</name>
<pwhash>8731876r4hndmhduihd</pwhash>
<dateadded>2009-03-25-18:34:44</dateadded>
</user>
</UserDB>
But you could also use a database, or AD/AM, some other store.
Cheeso
2009-03-26 05:44:34