1

I'm developing an ASP.NET app (C#) that needs to authenticate users. To do that I have a SQL Server database with the users of this application.

Which is the best way to do that?

I've been reading this:

How to: Implement Simple Forms Authentication

In the example I want to replace this code:

<script runat="server">
  void Logon_Click(object sender, EventArgs e)
  {
    if ((UserEmail.Text == "[email protected]") && 
            (UserPass.Text == "37Yj*99Ps"))
      {
          FormsAuthentication.RedirectFromLoginPage 
             (UserEmail.Text, Persist.Checked);
      }
      else
      {
          Msg.Text = "Invalid credentials. Please try again.";
      }
  }
</script>

With my ADO.NET Entity code to search for the user in the database. Will it work?

Another way is Membership (http://msdn.microsoft.com/en-us/library/tw292whz.aspx) but I think it is the hardest way.

Or maybe I can use Windows Live ID but I don't know how to connect Live ID with my users table.

Thank you!

3 Answers

6

Membership is the easiest way to provide authentication IMO. If you're interested in using it I recommend this tutorial by Scott Mitchell:


2 Comments

Absolutely. Membership is there to take the hassle out of this process.
As stated in other answers, rule #1 is never write your own auth mechanism. The built-in Membership, Roles, and Profile providers work very well and are easy to use. The link ppiotrowicz provided, and the other 4guys tutorials are really very good at conveying the concepts and execution of how to do it.
3

One of the most important security rules (#7 on the OWASP top 10) is NOT to write your own authentication mechanism when there are tried and tested mechanisms available. ASP.Net Authentication is simple to use, and tried and tested, and you are setting yourself up for all kinds of pain if you proceed down the path of writing your own mechanism.

Top 10 2007-Broken Authentication and Session Management


2

Both approaches will work but the recommended way would be to implement your own Membership provider for two reasons:

  1. The built in .NET authentication mechanisms are likely to be more robust than yours
  2. It enables you to connect some of the standard .NET controls to your custom user database.

This page has instructions on how to implement your own Membership provider

2 Comments

Do you have any example? I don't know how to do it.
If you've got your database of users already configured and full of user details, then writing a provider using the examples linked to would be the simplest option, followed by porting your user details to the standard ASP.NET SQL format.
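
Added example, not from the thread or the pages it links to: a `ValidateUser` override for a custom Membership provider backed by an existing users table, which is the approach this answer recommends. The table and column names, the `UsersDb` connection string name and the salted PBKDF2 storage format are assumptions; the class is declared abstract because a concrete provider must also override the other abstract `MembershipProvider` members.

```csharp
using System.Configuration;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Web.Security;

// Assumed (hypothetical) schema: Users(Email, PasswordHash varbinary, PasswordSalt varbinary,
// Iterations int); "UsersDb" is an assumed connection string name.
// Abstract because a complete provider must also override CreateUser, GetUser, etc.
public abstract class UsersTableMembershipProvider : MembershipProvider
{
    public override bool ValidateUser(string username, string password)
    {
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return false;
        byte[] hash = null, salt = null;
        int iterations = 0;
        string cs = ConfigurationManager.ConnectionStrings["UsersDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT PasswordHash, PasswordSalt, Iterations FROM Users WHERE Email = @email", conn))
        {
            // Parameterized query: the submitted value is never concatenated into SQL text.
            cmd.Parameters.AddWithValue("@email", username);
            conn.Open();
            using (var reader = cmd.ExecuteReader())
            {
                if (reader.Read())
                {
                    hash = (byte[])reader["PasswordHash"];
                    salt = (byte[])reader["PasswordSalt"];
                    iterations = (int)reader["Iterations"];
                }
            }
        }
        if (hash == null) return false; // unknown user: same answer as a wrong password

        // Re-derive PBKDF2 (HMAC-SHA1 with this constructor) from the stored salt and compare.
        var kdf = new Rfc2898DeriveBytes(password, salt, iterations);
        return FixedTimeEquals(kdf.GetBytes(hash.Length), hash);
    }
    // No early exit, so timing does not reveal how many leading bytes matched.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

With a concrete subclass registered as the default provider in `web.config`, the hardcoded comparison in `Logon_Click` becomes a call to `Membership.ValidateUser(UserEmail.Text, UserPass.Text)` and the rest of the Forms Authentication flow stays the same.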
