Reputation: 843
ASP.NET SQL Server Database Authentication
I'm about to start working on an ASP.NET (C#) website project which requires users to authenticate and I've run into a bit of a design issue. I am required to use a SQL Server database to store the web app's data (to include user's login data), but all of the information I've found regarding ASP.NET and authentication uses Windows Authentication.
Now of course I could just write the code to query the database and check the users input against the database to see if the username/password exists (the current plan), but then how do I set the state of the session to authenticated along with other data (such as a user ID) so that the site can give the user only their data?
Upvotes: 0
Views: 1083
Answers (1)
Reputation: 48314
First, read more on Forms Authentication. You couldn't have really missed that (could you?) but it's the other major authentication mechanism that doesn't involve Windows accounts, instead the session is maintained with the help of a cookie that stores the user name together with any other so called user data (could be user ID or whatever else).
Second, the Membership/Role Provider mechanism is available for like 10 years - and it gives you an abstraction you implement on your own. The abstraction is about storing users/passwords/roles. The Membership/Role Provider is nowadays slowly replaced with the Identity 2.0 framework and you are free to choose the olderone or try the newer.
These two together, Forms Authentication and Membership/Role Provider, make a foundation of what you need.
The basic flow is as follows:
- users request various resources ("pages")
- some resources are guarded from anonymous access and require authentication/authorization
- the Forms Authentication module redirects requests to such resources to a login page (login view)
- in the login page you use the Membership/Role Provider to verify user and issue a Forms cookie
- you redirect back
The Forms authentication module now picks the cookie upon every request and recreates the identity so that the user is authenticated when your server code is about to run.
Upvotes: 3
Related Questions
- Connecting to SQL Server using windows authentication
- Using windows authentication in asp.net with c#
- asp.net windows authentication to sql server
- Asp.net login with SQL Server database
- ASP.NET Windows + Database Authentication
- Proper DB access authentication
- Using SQL Server authentication with ASP.NET forms authentication
- How to authenticate an asp.net web app to access sql database
- Authenticating a SQL account user name and password in ASP.NET
- C# & SQL Server Authentication