Last post Oct 18, 2014 10:07 AM by BrockAllen
Oct 18, 2014 07:22 AM|coollibran|LINK
I am creating a database-driven website where I need to have at least two administrators and many other members/users. I need the website to be secure, and authentication and authorization are to be done. What steps should be followed for creating the same?
I have read so many articles and it creates confusion. What exact steps should be followed for the same?
Oct 18, 2014 07:38 AM|Rion Williams|LINK
What kind of web application are you building? Are you using ASP.NET MVC or Web Forms?
Each of the technologies mentioned above has a few different ways to handle authentication and authorization a bit more easily than others. The easiest approach would be to uses
persist for a given amount of time or until the user logs out.
The actual code to create these cookies is fairly simple and usually just requires a single method call like the following:
// This will generate a cookie for your specific user (username) and use a boolean to determine if it is persistent or not
Likewise, when the user needs to log off, they can use the FormsAuthentication.SignOff() method to dispose of the cookie:
// This will remove the Authentication token (cookie) for your current user
With regard to authorization, you can define settings within your web.config file that will restrict certain areas of your application to users based on their roles, their specific usernames or if they are even authenticated at all.
This blog post does a fairly decent job at explaining how to implement various levels of authorization within your web.config and it might be worth looking through.
Additionally, if you are using ASP.NET MVC, you might consider exploring the [Authorize] attribute, which can easily be used to restrict access to certain areas of your application at either the Controller or Action level. It's extremely easy to use and I would recommend it if you are dealing with
Oct 18, 2014 10:07 AM|BrockAllen|LINK
While Forms authentication is still supported and, as Rion shows, is fairly easy to use, it's technically deprecated. Its successor is the Katana cookie authentication middleware:
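
Added example, not part of any post in this thread: a sketch of cookie sign-in, sign-out and role-based `[Authorize]` on the Katana cookie middleware, for the "two administrators plus members" case in the question. It assumes ASP.NET MVC 5 with the Microsoft.Owin.Security.Cookies and Microsoft.Owin.Host.SystemWeb packages; `IMemberStore`, the "Administrator" role name, the "ApplicationCookie" scheme name, the 30-minute lifetime and the `/Account/Login` path are hypothetical choices made for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;

// Hypothetical credential store: returns the member's roles, or null when the login fails.
public interface IMemberStore { string[] ValidateAndGetRoles(string username, string password); }

public class Startup {
    public void Configuration(IAppBuilder app) {
        app.UseCookieAuthentication(new CookieAuthenticationOptions {
            AuthenticationType = "ApplicationCookie",
            LoginPath = new PathString("/Account/Login"), // 401 responses are redirected here
            CookieHttpOnly = true,                        // cookie is not readable from script
            CookieSecure = CookieSecureOption.Always,     // cookie is sent over HTTPS only
            ExpireTimeSpan = TimeSpan.FromMinutes(30)     // assumed session lifetime
        });
    }
}

public class AccountController : Controller {
    private readonly IMemberStore _members; // assumed to be supplied by a DI container
    public AccountController(IMemberStore members) { _members = members; }

    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public ActionResult Login(string username, string password, bool rememberMe = false) {
        var roles = _members.ValidateAndGetRoles(username, password);
        if (roles == null) return View(); // same response for unknown user and wrong password
        var claims = new List<Claim> { new Claim(ClaimTypes.Name, username) };
        foreach (var role in roles) claims.Add(new Claim(ClaimTypes.Role, role));
        var identity = new ClaimsIdentity(claims, "ApplicationCookie");
        HttpContext.GetOwinContext().Authentication.SignIn(
            new AuthenticationProperties { IsPersistent = rememberMe }, identity);
        return RedirectToAction("Index", "Home");
    }

    [HttpPost, Authorize, ValidateAntiForgeryToken]
    public ActionResult LogOff() {
        HttpContext.GetOwinContext().Authentication.SignOut("ApplicationCookie");
        return RedirectToAction("Index", "Home");
    }
}

[Authorize(Roles = "Administrator")] // requests without this role claim are refused
public class AdminController : Controller { public ActionResult Index() { return View(); } }
```

The role check works because `ClaimsIdentity` treats `ClaimTypes.Role` claims as roles by default, so `[Authorize(Roles = ...)]` needs no extra role provider here.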