Results 1 to 3 of 3

Thread: [2005] Security Migration from Classic ASP to ASP.NET 2.0

  1. #1

    Thread Starter
    Fanatic Member bgmacaw's Avatar
    Join Date
    Mar 2007
    Location
    Atlanta, GA USA
    Posts
    524

    [2005] Security Migration from Classic ASP to ASP.NET 2.0

    We are working on a re-write of our main web application to take it from Classic ASP to ASP.NET 2.0. While the old application, which first went online in late 2000, is working well enough, structural changes with the company, new product lines, and steady increases in the number of customers are driving the re-write. And, as I mentioned in another thread about controls, management wants it to have a UI 'facelift'.

    The current security model, written before I got here, is role/page based and is stored in a SQL Server DB. Each page has an include that reads the DB upon page loading to confirm that the user has access to that particular page and the menu presented is role based. There are about 1500 regular users on the system plus about the same number of occasional ones so making radical changes that would require a total revamp the role based security are off the table for now. So, we have to use the current table structure to verify users and assign their role and access to individual pages.

    I've looked at the Login controls and other Forms Authentication classes and methods and written a few prototypes using them. However, I'm not sure if this can be fit into our current data model. I don't want to try to force a square peg in a round hole. Am I correct in assuming that I would have to write a custom MembershipProvider in order to work with our current data structure instead of the default DB schema? Is it just a bad idea to try to do this level of customization? Or am I missing something obvious?

    If using the .NET 2.0 built-in authentication methods aren't practical, do you have any suggestions on the best way to implement this security? Since we're just at the planning stages right now we have a lot of options on the direction to take as long as the underlying data structure stays the same as it is.

  2. #2
    Hyperactive Member kayos's Avatar
    Join Date
    Apr 2004
    Location
    Largo, Florida
    Posts
    306

    Re: [2005] Security Migration from Classic ASP to ASP.NET 2.0

    just so happens i was reading about this not too long ago! you should check out this article, it will put you on the right path:

    http://weblogs.asp.net/scottgu/archi...-net-urls.aspx


    If this post helps, please RATE MY POST!

    Using Visual Studio 2005 SE

  3. #3

    Thread Starter
    Fanatic Member bgmacaw's Avatar
    Join Date
    Mar 2007
    Location
    Atlanta, GA USA
    Posts
    524

    Re: [2005] Security Migration from Classic ASP to ASP.NET 2.0

    Thanks. That article had good info on what to do if you have the old and new running together on the same site but we won't be doing that. We're planning on making a full switchover to the entirely new 2003/IIS6 server when it goes into production. The current one is running under 2000 and the server box is completely maxed out.

    That "wildcard" pre-processing does look like an interesting possibility though. I'll have to see if there are any more articles about how to use it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width