.net authentication/security type stuff

B

bizzydint

Well-known member
Joined
Apr 8, 2003
Messages
75
Ive got to make some changes to an existing log-in system on our site and I havent got a clue how it currently hangs together.

So simple question 1: Does anyone know of any good tutorials on that type of thing?


A bit more detail Question 2 (just for wyrd ;))
Our site currently has a http:// url, which redirects the user to a https:// site, on which they tells us the username/password and we can log them into the main site.

However, many search engines dont like to bookmark redirecting pages - and im not entirely sure they like secure (https) ones either (???)

So we want to have the login box on the http page (with lots of other useful info that search engines will like) - which logs them into the main app on the https site. So how the hell do i do it?

The obvious: Response.redirect("https://www.blah.com/home.aspx") loses the session information so the user just gets the login page again (but on the secure site instead!)


The problem is that I dont currently understand how it all works, so any tutorial type stuff would be appreciated...(Id really prefer not to paste code - seeing as i dont know enough to determine how much of it I could make public!!)

cheers my dears
;)
 
If you have a look at Forms authentication it allows you to redirect to a login page, and after the user is validated sends them to their original destination.
 
cheers - seems useful....

i also managed to track down this: http://www.15seconds.com/issue/020220.htm
which i thought was a good starting point!

Only problem is that my boss has told me to stop working on this cos more important stuff has come up! dagnamit.

But ill have to come back to it, so if anyone can provide any more assistance, i would make my life much much simpler :)
 
Im with mutant - ASP.NET Unleashed. Tutorials are okay I suppose, but I find books a much better resource, especially when it comes to answering questions quickly.
http://www.amazon.com/exec/obidos/t...f=sr_1_1/102-8623408-7558524?v=glance&s=books

It covers security quite extensively (3 chapters), and also a chapter on user sessions. Click the "look inside" link on the URL above and check it out for yourself. Oh.. and theres also a few chapter in the back "Creating an Online Store" which may help you further with security and sessions.

Its got 4/5 stars because 1) People whine that it doesnt cover C#, 2) People whine that it uses exclusively notepad and doesnt cover the .NET IDE, and 3) Some say there are errors in some of the code examples.
 
None of those points bother me :). I dont know why people lower the rating for things like that, but mostly because its not C#, its a VB book, instead of ranting the guy who said that should find another book :).
:) :D
 
Just realised i hadnt read plausiblyDamps post earlier and wanted to clarify.....

I understand the "redirectFrom login" function (?) of Forms authentication. Seems useful. BUT - The problem is we want the login to be on the site home page which also contains lots of other useful info and links as well as marketing info for the site.
So we want that page to get found by search engines etc. Therefore, if the user goes to that page first, what url would they get redirected to??


As for the book: might see if i can persuade the boss to get it for me :) Although, is this one just particularly good for the security stuff and there are other books that are better for the rest of the gumpf???
 
Originally posted by bizzydint

As for the book: might see if i can persuade the boss to get it for me :) Although, is this one just particularly good for the security stuff and there are other books that are better for the rest of the gumpf???
Click to expand...

That book is 1400 pages full of great info. The author did a great job and I really recommend that book. It talks about many things, controls, cookies, authentication, ADO.NET and many more.
 
Back
Top