ASP.NET authentication

Question

when developing a login page i'm using the following method

 protected void btnLogin_Click(object sender, EventArgs e)
        {
            if (Validateuser())
            {
                GetUserRoles();
                Response.Redirect("Default.aspx");
                lblMsg.Text = string.Empty;
            }
            else
            {
                lblMsg.Text = "Invalid User!";
            }
        }

just check if the user is valid.if valid redirect to a page else display a message.so why we have to use asp.net authentication types? i've heard about windows,forms and passport authentication types.why we have to use them over the above method and whats the advantage of it.if possible please provide me some sample applications

Vijay Varadan · Accepted Answer

The basic idea is that rather than you rolling your own security for a website, you should use established, generally accepted techniques and libraries. This allows you to take advantage of the work of security experts who would have been involved in the design and implementation of such authentication & authorization systems. Additionally, there will be a number of features that are already or will be available over time (e.g. support for Active Directory / LDAP, organizational units (OU)). You can take advantage of all of that will modifications to your code, rather than having to implement those features when your users demand them.

Over and above all this, publicly available implementations get used and penetration tested by a wide audience which will report bugs and weaknesses. These will typically get fixed quickly and patches will be issued on a regular basis.

You can read this article from 4GuysFromRolla.com that will give you a good understanding of ASP.NET security options.

One thing to keep in mind - Passport authentication is no longer available to the general public. It's for user by Microsoft only.

ASP.NET authentication

Answers (2)

Related Questions