.NET Platform | Login systems in asp.net: an article I wrote

Author	Message	Time
peofeoknight	http://www.webreference.com/programming/asp/quasi/index.html Yes the code is very basic, but its a question I get a lot on http://forums.webdeveloper.com so I wrote an article sent it in and now its published. Hopefully if it gets good traffic they will ask me to come back and write more; when they ask you to write, rather then sending it in voluntarily you get $.	March 4, 2004, 11:05 PM
Adron	Can you with ASP.NET do authentication that looks like it was integrated, i.e. programmatically validate passwords submitted through HTTP authentication?	March 4, 2004, 11:51 PM
Myndfyr	[quote author=Adron link=board=37;threadid=5602;start=0#msg47509 date=1078444283] Can you with ASP.NET do authentication that looks like it was integrated, i.e. programmatically validate passwords submitted through HTTP authentication? [/quote] I'm not sure I understand what you mean; Windows NTLM authentication can be transparent. In fact, ASP.NET shipped with three transparent forms of authentication: NTLM, .NET Passport, and Forms (you provide some custom security on Web Forms).	March 5, 2004, 1:54 AM
Adron	What I mean is to make a browser pop up the standard login window that appears on an "authorization required" response from the server. Then receive the username and password (which doesn't exist as a system user) and look them up in your own database table, kind of like what Apache can do with .htaccess and .htpasswd?	March 5, 2004, 2:11 AM
peofeoknight	No, there is no htaccess. But you can do this with asp.net. I am actually working on a cms for a local church and making an https login and it prompts the user like this.	March 5, 2004, 4:52 AM
Adron	[quote author=peofeoknight link=board=37;threadid=5602;start=0#msg47597 date=1078462326] No, there is no htaccess. But you can do this with asp.net. I am actually working on a cms for a local church and making an https login and it prompts the user like this. [/quote] And you're using the native http authentication, not a form or a scripted input box?	March 5, 2004, 5:51 PM
Kp	[quote author=Myndfyre link=board=37;threadid=5602;start=0#msg47551 date=1078451698]Windows NTLM authentication can be transparent.[/quote] Minor point here: it tends not to be (at least in the sense that it works smoothly the first time :)). We ([vL]) went to a great deal of trouble to get secure logins working with Asgard again because NTLM does not automatically work properly with browsers that are not IE. This tended to cause problems for members who don't use Windows for web browsing... :P	March 5, 2004, 10:03 PM
peofeoknight	[quote author=Adron link=board=37;threadid=5602;start=0#msg47696 date=1078509061] And you're using the native http authentication, not a form or a scripted input box? [/quote]I could really do it either way. I am going to use the http authentication, but If I wanted to I could use a form. NTFS permissions will be set to require users be logged into the domain on the login page. Basic authentication will be used (with SSL to ensure security).	March 5, 2004, 10:52 PM
Adron	[quote author=peofeoknight link=board=37;threadid=5602;start=0#msg47793 date=1078527154] I could really do it either way. I am going to use the http authentication, but If I wanted to I could use a form. NTFS permissions will be set to require users be logged into the domain on the login page. Basic authentication will be used (with SSL to ensure security). [/quote] That's not what I'm after. One example of what I might want to do is have a near-infinite number of accounts available by having a password calculated from the account name. Without adding all those accounts to the user database in windows. And using http authentication.	March 6, 2004, 1:01 AM
peofeoknight	well, like I said before there is no htaccess on iis. It would be a pain to have a large number of accounts actually on the server as apposed to just being in a data base, seems like it could get very nasty very fast. But just my thoughts.	March 7, 2004, 1:25 AM
Adron	[quote author=peofeoknight link=board=37;threadid=5602;start=0#msg47992 date=1078622716] well, like I said before there is no htaccess on iis. It would be a pain to have a large number of accounts actually on the server as apposed to just being in a data base, seems like it could get very nasty very fast. But just my thoughts. [/quote] Yes, it would. The ability to have the users in a database while still using http authentication is what I'm asking for :)	March 7, 2004, 11:23 AM
peofeoknight	well yea you can do that. Thats essentially what I am going to be doing.	March 7, 2004, 9:42 PM

Author

Message

Time

peofeoknight

http://www.webreference.com/programming/asp/quasi/index.html
Yes the code is very basic, but its a question I get a lot on http://forums.webdeveloper.com so I wrote an article sent it in and now its published. Hopefully if it gets good traffic they will ask me to come back and write more; when they ask you to write, rather then sending it in voluntarily you get $.

March 4, 2004, 11:05 PM

Adron

Can you with ASP.NET do authentication that looks like it was integrated, i.e. programmatically validate passwords submitted through HTTP authentication?

March 4, 2004, 11:51 PM

Myndfyr

[quote author=Adron link=board=37;threadid=5602;start=0#msg47509 date=1078444283]
Can you with ASP.NET do authentication that looks like it was integrated, i.e. programmatically validate passwords submitted through HTTP authentication?
[/quote]

I'm not sure I understand what you mean; Windows NTLM authentication can be transparent. In fact, ASP.NET shipped with three transparent forms of authentication: NTLM, .NET Passport, and Forms (you provide some custom security on Web Forms).

March 5, 2004, 1:54 AM

Adron

What I mean is to make a browser pop up the standard login window that appears on an "authorization required" response from the server. Then receive the username and password (which doesn't exist as a system user) and look them up in your own database table, kind of like what Apache can do with .htaccess and .htpasswd?

March 5, 2004, 2:11 AM

peofeoknight

No, there is no htaccess. But you can do this with asp.net. I am actually working on a cms for a local church and making an https login and it prompts the user like this.

March 5, 2004, 4:52 AM

Adron

[quote author=peofeoknight link=board=37;threadid=5602;start=0#msg47597 date=1078462326]
No, there is no htaccess. But you can do this with asp.net. I am actually working on a cms for a local church and making an https login and it prompts the user like this.
[/quote]

And you're using the native http authentication, not a form or a scripted input box?

March 5, 2004, 5:51 PM

[quote author=Myndfyre link=board=37;threadid=5602;start=0#msg47551 date=1078451698]Windows NTLM authentication can be transparent.[/quote]

Minor point here: it tends not to be (at least in the sense that it works smoothly the first time :)). We ([vL]) went to a great deal of trouble to get secure logins working with Asgard again because NTLM does not automatically work properly with browsers that are not IE. This tended to cause problems for members who don't use Windows for web browsing... :P

March 5, 2004, 10:03 PM

peofeoknight

[quote author=Adron link=board=37;threadid=5602;start=0#msg47696 date=1078509061]

And you're using the native http authentication, not a form or a scripted input box?
[/quote]I could really do it either way. I am going to use the http authentication, but If I wanted to I could use a form. NTFS permissions will be set to require users be logged into the domain on the login page. Basic authentication will be used (with SSL to ensure security).

March 5, 2004, 10:52 PM

Adron

[quote author=peofeoknight link=board=37;threadid=5602;start=0#msg47793 date=1078527154]
I could really do it either way. I am going to use the http authentication, but If I wanted to I could use a form. NTFS permissions will be set to require users be logged into the domain on the login page. Basic authentication will be used (with SSL to ensure security).
[/quote]

That's not what I'm after. One example of what I might want to do is have a near-infinite number of accounts available by having a password calculated from the account name. Without adding all those accounts to the user database in windows. And using http authentication.

March 6, 2004, 1:01 AM

peofeoknight

well, like I said before there is no htaccess on iis. It would be a pain to have a large number of accounts actually on the server as apposed to just being in a data base, seems like it could get very nasty very fast. But just my thoughts.

March 7, 2004, 1:25 AM

Adron

[quote author=peofeoknight link=board=37;threadid=5602;start=0#msg47992 date=1078622716]
well, like I said before there is no htaccess on iis. It would be a pain to have a large number of accounts actually on the server as apposed to just being in a data base, seems like it could get very nasty very fast. But just my thoughts.
[/quote]

Yes, it would. The ability to have the users in a database while still using http authentication is what I'm asking for :)

March 7, 2004, 11:23 AM

peofeoknight

well yea you can do that. Thats essentially what I am going to be doing.

March 7, 2004, 9:42 PM

Valhalla Legends Forums Archive | .NET Platform | Login systems in asp.net: an article I wrote