CODEWITHSUNDEEP
asp.netauthenticationforms-authentication
Boo
Boo

Reputation: 1654

ASP.NET authentication

I develop some site, that uses authentication ticket from API of other service. I have method GetSessionTicket() from API. And now question: can i do asp.net authentication thats depends only from cookie? Now i remove all section about Membership provider at web.config:

<add name="ApplicationServices"
     connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
     providerName="System.Data.SqlClient" />
<membership>
  <providers>
    <clear/>
    <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
         enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
         maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
         applicationName="/" />
  </providers>
</membership>
<profile>
  <providers>
    <clear/>
    <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
  </providers>
</profile>-->
<roleManager enabled="false">
  <providers>
    <clear/>
    <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
    <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
  </providers>
</roleManager>

and left this:

<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>

LogOn logic looks like:

var ticket = SecurityService.GetSessionTicket(model.UserName, model.Password);
FormsAuthentication.SetAuthCookie(ticket.SessionUserId.ToString(), true);

Is it ok? Now my ASP.NET authorization based only on cookie and does not require sql server or aspnetdb.mdf, yes?

Upvotes: 0

Views: 354

Answers (1)

Mantorok
Mantorok

Reputation: 5276

Yes it is fine to do this, what you are essentially doing is implementing Forms authentication, without the membership database. You are not required to use a membership datbase to achieve authentication, and setting the cookies in code is fine.

Upvotes: 1

Related Questions