ASP.NET Authentication in the Real World


You should use ASP.NET authentication whenever you have a site that presents, edits, or manipulates information that not everyone should have access to. Some people think that keeping a site’s location secret is a good way to stop intruders from getting access. While this is true to some extent, it is no substitute for authentication—hackers use commonly available programs that sniff out locations of Web sites. So, if your security strategy relies on people not knowing where your site is, it’s definitely time to start thinking about authentication. Obscurity is not security.

Each of the three ASP.NET authentication mechanisms is best suited for a different type of Web application:

  • Forms-based authentication: Great for applications for which you want to manage the user list yourself or store extra information (such as the contents of a shopping cart or customizations) about the user on the server.

  • Windows authentication: Great for intranet applications, which have all the users on the same domain as the Web server.

  • Passport authentication: Great for public sites for which you don’t want to maintain user sign-in names, passwords, etc. It’s also good for maintaining authentication across a number of disconnected Web sites because the authentication is centrally managed by the Microsoft .NET Passport service.




Security for Microsoft Visual Basic .NET
ISBN: 735619190
EAN: N/A
Year: 2003
Pages: 168
