Authentication for asp.net website without using any database

Question

Is there any way to provide user log-in without the need for a DB. We are deploying a system to control some hardware and the customer wants an interface they can access from a browser, but they also want to provide log-in to prevent just any body from accessing it.

I have no reason for a DB to implement what I need. I would hate to have to install a DB on the box just to provide authentication.

Pretty sure I am going to use a MVC web project.

Answer 1

You can enable authentication via your web config, and specify the users within the same file instead of a database.

An example of this would look like :

<authentication mode="Forms">
<forms loginUrl="MyLoginPage.aspx">
    <credentials passwordFormat="Clear">
        <user name="Darren" password="foobar" />
    </credentials>
</forms>
</authentication>

Then you could use it like

 if (FormsAuthentication.Authenticate (txtUserName.Text, txtPassword.Text)){
FormsAuthentication.RedirectFromLoginPage (txtUserName.Text, False);}

see here for more details

Answer 2

Sure. For very simple sites you can simply use forms authentication and store usernames/password (encrypted, of course!) in web.config or in a users.xml file.

For larger, more fully-featured sites you can implement a custom membership provider to use whatever backing store you like, or utilise one of the off-the-shelf ones that are out there (such as this xml membership provider).

Answer 3

Yes, you can use forms authentication and store the usernames and passwords in the web.config. I wouldn't recommend this approach for anything but the simplest sites.

Have a look at this MSDN article for more info:

http://msdn.microsoft.com/en-us/library/da0adyye.aspx

Answer 4

Using forms authentication you can store the credentials in the config file. Check out this MSDN Link