Results 1 to 9 of 9

Thread: Checking

  1. #1

    Thread Starter
    New Member
    Join Date
    Oct 2013
    Posts
    12

    Checking

    I have a login page,I want to check whether the username and password entered in this page will match those details in the database.If so then the control must go to other page.I am confused about the method definition for the checking.I need some suggestions.

  2. #2
    King of sapila
    Join Date
    Oct 2006
    Location
    Greece
    Posts
    6,597

    Re: Checking

    If you have use the default asp.net membership database then you can find out, using the membership class. If not then you must be more specific.
    ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
    πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·

  3. #3

    Thread Starter
    New Member
    Join Date
    Oct 2013
    Posts
    12

    Re: Checking

    Quote Originally Posted by sapator View Post
    If you have use the default asp.net membership database then you can find out, using the membership class. If not then you must be more specific.
    I am using SQL Server database

  4. #4
    ASP.NET Moderator gep13's Avatar
    Join Date
    Nov 2004
    Location
    The Granite City
    Posts
    21,963

    Re: Checking

    Hello,

    For getting started with the membership provider, have a look here:

    http://msdn.microsoft.com/en-us/library/ms731049.aspx

    But as a word of warning, you might want to have a look at this:

    http://brockallen.com/2012/09/02/thi...plemembership/

    Gary

  5. #5
    King of sapila
    Join Date
    Oct 2006
    Location
    Greece
    Posts
    6,597

    Re: Checking

    Not entirely agree with the article on asp.net db. Just read a small part and the guy claims a DOS if you try to unlock a user and there is no auto unlock.True but with very small manipulations you can pop an sproc in there for a non DOS unlock feature. Also i don't think there is a problem with security if i understand correctly on what he is claiming. You can have hashed password by configuring web.config. It's true that it lucks many feature (and i am the no1 micro$oft hater) and i had to extend the db for my needs but it pretty descend, especially if you try to build your own membership provider without proper knowledge. You will get DOSed in the first minute going live. I remember that we had an example here. I never got DOS in the membership provider till know, if you configure it properly it's difficult to have security issues, of course possible but difficult.IMO.
    ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
    πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·

  6. #6
    ASP.NET Moderator gep13's Avatar
    Join Date
    Nov 2004
    Location
    The Granite City
    Posts
    21,963

    Re: Checking

    Hello,

    I guess the point that Brock is making, and it is a valid one, is that these things that you mention, and others, are not enabled by default. You have to, as you say either enable them, or make your own changes to make it work. For people just starting with Security, ASP.Net Membership is a good first step (and I have suggested that people use it in the past) however, I think care has to be taken to ensure that people konw what they are getting themselves into, and be aware of the pitfalls that lie in front of them.

    Gary

  7. #7
    King of sapila
    Join Date
    Oct 2006
    Location
    Greece
    Posts
    6,597

    Re: Checking

    True enough but membership can be extended and i am not aware why MS did not do that in later versions. Btw if there is another asp.net membership like interface that does more better would be nice to know as building one from scratch requires extended knowledge and time that many do not have.
    ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
    πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·

  8. #8
    ASP.NET Moderator gep13's Avatar
    Join Date
    Nov 2004
    Location
    The Granite City
    Posts
    21,963

    Re: Checking

    That would be what Brock has created. It is called MembershipReboot. It is linked at the bottom of the article that I posted. He has taken all the things that he believes is "wrong" with the built in membership provider, and done things "right". It is sort of why I posted the link to the article in the first place

  9. #9
    King of sapila
    Join Date
    Oct 2006
    Location
    Greece
    Posts
    6,597

    Re: Checking

    Ah, gotcha. Good to know, i have most of these taken care of myself (well not mobile or cert base authentication) but will take a look if i want to extend something in the future.I was asking in general for the forum's sake, so they can be redirected here.
    ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
    πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width