User Name and Passwords...

[dj4uk]

Its better to use ASP.NET built-in Forms Authentication than writing everything bespoke.

Loads of articles -> http://www.google.co.uk/search?hl=en...e+Search&meta=

HTH

DJ

[Magiaus]

Its better to use ASP.NET built-in Forms Authentication than writing everything bespoke.

Loads of articles -> http://www.google.co.uk/search?hl=en...e+Search&meta=

HTH

DJ

No it' not. There quite a few pitfalls you can come across when using Forms, and isn't it based on your windows login name? You couldn't pay me to use forms.

[dj4uk]

Chill out!

It's a matter of opinion - why reinvent the wheel when a system is already available - granted there may be a couple of pitfalls for some situations but in general these don't apply or can be avoided.

You are getting Windows-Based authentication mixed up with Forms-Based authentication which can use a database, XML, or even web.config file to store authentication details.

DJ

[Magiaus]

Ok. Didn't mean to come across as hostile. I just like to be in control. You know backdoor and all that....

[dj4uk]

Tis ok.

Every system has weaknesses - I've used Forms-Based authentication quite a bit and have had no problems so far - I have been careful to keep abreast of any issues e.g. SQL injection weaknesses etc. and ensured these have been addressed. I just think its too good a system just to ignore and start again from the ground up.

I'm sure if I wrote a system from scratch it would work just as well but I wouldn't be able to test it against as many attack techniques as an existing system has been. Its best to be aware of problems and fix them than to be blissfully ignorant.

Each to their own.

DJ