> Howdy,
>
> I've written a few apps already and I have done custom authentication
> like so: prompt for user name and password, verify information against
> SQL table, then load returned username, ID, security, etc. into
> session state. This works and frankly I'm not sure why i'm posting
> this except for that I want to be 'correct' in my apps.
>
> I notice .Net supports Authentication Modes. Which is the better one
> to use? I have a basic understanding of each provider and it appears
> that the Forms Authentication Provider is the preferred method? Using
> Forms, how do I specify the database table in SQL to use? Also, once
> validated, it loads the user information into a cookie for later
> retrieval. Can I load more information into this cookie, like custom
> security levels, etc. Currently, I basically have a range from 1
> through 10 specifying security levels, will this still work or does
> Forms process security itself?

>
> Same questions with Windows Auth. I've used Windows Auth in some
> legacy ASP apps and was able to determin security levels by a users
> membership to domain groups. Does this provider work the same? How do
> I read the security information?

>
> Eh, PassPort is cool but I not necessary for me so I don't care enough
> to ask.
>
> I've been reading through MSDN articles pertaining to these but my
> questions can't seem to get answered with MS Docs. Any help and
> clarity is greatly appreciated!
>
> Thanks!
>
> David Lozzi
>

wrote in message news:621141632574614842703824@news.microsoft.com...
> Hello David,
>
> inline
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> Howdy,
>>
>> I've written a few apps already and I have done custom authentication
>> like so: prompt for user name and password, verify information against
>> SQL table, then load returned username, ID, security, etc. into
>> session state. This works and frankly I'm not sure why i'm posting
>> this except for that I want to be 'correct' in my apps.
>>
>> I notice .Net supports Authentication Modes. Which is the better one
>> to use? I have a basic understanding of each provider and it appears
>> that the Forms Authentication Provider is the preferred method? Using
>> Forms, how do I specify the database table in SQL to use? Also, once
>> validated, it loads the user information into a cookie for later
>> retrieval. Can I load more information into this cookie, like custom
>> security levels, etc. Currently, I basically have a range from 1
>> through 10 specifying security levels, will this still work or does
>> Forms process security itself?
>
> You do that manually - you have to provide a login page - and handle the
> login button click event - then you go to a datastore and validate
> credentials. The authentication cookie contains a 'UserData' field where
> you can store arbitrary additional information, e.g. Roles or what you
> call Security Levels. Upon each request then you create a IPrincipial
> implementation and attach it to the current thread.
>>
>> Same questions with Windows Auth. I've used Windows Auth in some
>> legacy ASP apps and was able to determin security levels by a users
>> membership to domain groups. Does this provider work the same? How do
>> I read the security information?
>
> Regardless of what AuthType you use - the IPrincipal which is accessible
> through Page.User or Context.User contains a IsInRole("") method to query
> role membership
>
> i have a full working example of FormsAuth on my blog - this should get
> you started..feel free to ask more questions after you looked at the code.
> http://www.leastprivilege.com/PermaLink.aspx?guid=b0e51388-71d1-4a6f-98d0-bc8cfbec4c3a
>
>>
>> Eh, PassPort is cool but I not necessary for me so I don't care enough
>> to ask.
>>
>> I've been reading through MSDN articles pertaining to these but my
>> questions can't seem to get answered with MS Docs. Any help and
>> clarity is greatly appreciated!
>>
>> Thanks!
>>
>> David Lozzi
>>
>
>
>

"David Lozzi" <dlozzi@(removethis)delphi-ts.com> wrote in message
news:%23P5nSXVjFHA.3544@TK2MSFTNGP15.phx.gbl...
> Thank you for your help! It helped a lot. I got my sample app here:
>
> users are redirected to login.aspx. After entering username and password,
> formsauthentication is taken care of and cookies and all that stuff. After
> this is happy, it then redirects the user to default.aspx, at which point
> I can pull the user's username (context.user.identity.name).
>
> I can't seem to figure out how to pull the remaining information about the
> user, security level, full name, email addy, etc. This is usually stored
> in a session state but I see no session info in this. I can think of one
> possible solution, and that would be to query the database everytime I
> needed this information. Is this a good idea? Is this better than a
> session state?
>
> Thanks!
>
> David Lozzi
>
> "Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
> wrote in message news:621141632574614842703824@news.microsoft.com...
>> Hello David,
>>
>> inline
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>
>>> Howdy,
>>>
>>> I've written a few apps already and I have done custom authentication
>>> like so: prompt for user name and password, verify information against
>>> SQL table, then load returned username, ID, security, etc. into
>>> session state. This works and frankly I'm not sure why i'm posting
>>> this except for that I want to be 'correct' in my apps.
>>>
>>> I notice .Net supports Authentication Modes. Which is the better one
>>> to use? I have a basic understanding of each provider and it appears
>>> that the Forms Authentication Provider is the preferred method? Using
>>> Forms, how do I specify the database table in SQL to use? Also, once
>>> validated, it loads the user information into a cookie for later
>>> retrieval. Can I load more information into this cookie, like custom
>>> security levels, etc. Currently, I basically have a range from 1
>>> through 10 specifying security levels, will this still work or does
>>> Forms process security itself?
>>
>> You do that manually - you have to provide a login page - and handle the
>> login button click event - then you go to a datastore and validate
>> credentials. The authentication cookie contains a 'UserData' field where
>> you can store arbitrary additional information, e.g. Roles or what you
>> call Security Levels. Upon each request then you create a IPrincipial
>> implementation and attach it to the current thread.
>>>
>>> Same questions with Windows Auth. I've used Windows Auth in some
>>> legacy ASP apps and was able to determin security levels by a users
>>> membership to domain groups. Does this provider work the same? How do
>>> I read the security information?
>>
>> Regardless of what AuthType you use - the IPrincipal which is accessible
>> through Page.User or Context.User contains a IsInRole("") method to query
>> role membership
>>
>> i have a full working example of FormsAuth on my blog - this should get
>> you started..feel free to ask more questions after you looked at the
>> code.
>> http://www.leastprivilege.com/PermaLink.aspx?guid=b0e51388-71d1-4a6f-98d0-bc8cfbec4c3a
>>
>>>
>>> Eh, PassPort is cool but I not necessary for me so I don't care enough
>>> to ask.
>>>
>>> I've been reading through MSDN articles pertaining to these but my
>>> questions can't seem to get answered with MS Docs. Any help and
>>> clarity is greatly appreciated!
>>>
>>> Thanks!
>>>
>>> David Lozzi
>>>
>>
>>
>>
>
>

> I said I can't seem to pull the other data, that is because I can't
> seem to add it.
>
> "David Lozzi" <dlozzi@(removethis)delphi-ts.com> wrote in message
> news:%23P5nSXVjFHA.3544@TK2MSFTNGP15.phx.gbl...
>
>> Thank you for your help! It helped a lot. I got my sample app here:
>>
>> users are redirected to login.aspx. After entering username and
>> password, formsauthentication is taken care of and cookies and all
>> that stuff. After this is happy, it then redirects the user to
>> default.aspx, at which point I can pull the user's username
>> (context.user.identity.name).
>>
>> I can't seem to figure out how to pull the remaining information
>> about the user, security level, full name, email addy, etc. This is
>> usually stored in a session state but I see no session info in this.
>> I can think of one possible solution, and that would be to query the
>> database everytime I needed this information. Is this a good idea? Is
>> this better than a session state?
>>
>> Thanks!
>>
>> David Lozzi
>>
>> "Dominick Baier [DevelopMentor]"
>> <dbaier@pleasepleasenospamdevelop.com> wrote in message
>> news:621141632574614842703824@news.microsoft.com...
>>
>>> Hello David,
>>>
>>> inline
>>>
>>> ---------------------------------------
>>> Dominick Baier - DevelopMentor
>>> http://www.leastprivilege.com
>>>> Howdy,
>>>>
>>>> I've written a few apps already and I have done custom
>>>> authentication like so: prompt for user name and password, verify
>>>> information against SQL table, then load returned username, ID,
>>>> security, etc. into session state. This works and frankly I'm not
>>>> sure why i'm posting this except for that I want to be 'correct' in
>>>> my apps.
>>>>
>>>> I notice .Net supports Authentication Modes. Which is the better
>>>> one to use? I have a basic understanding of each provider and it
>>>> appears that the Forms Authentication Provider is the preferred
>>>> method? Using Forms, how do I specify the database table in SQL to
>>>> use? Also, once validated, it loads the user information into a
>>>> cookie for later retrieval. Can I load more information into this
>>>> cookie, like custom security levels, etc. Currently, I basically
>>>> have a range from 1 through 10 specifying security levels, will
>>>> this still work or does Forms process security itself?
>>>>
>>> You do that manually - you have to provide a login page - and handle
>>> the login button click event - then you go to a datastore and
>>> validate credentials. The authentication cookie contains a
>>> 'UserData' field where you can store arbitrary additional
>>> information, e.g. Roles or what you call Security Levels. Upon each
>>> request then you create a IPrincipial implementation and attach it
>>> to the current thread.
>>>
>>>> Same questions with Windows Auth. I've used Windows Auth in some
>>>> legacy ASP apps and was able to determin security levels by a users
>>>> membership to domain groups. Does this provider work the same? How
>>>> do I read the security information?
>>>>
>>> Regardless of what AuthType you use - the IPrincipal which is
>>> accessible through Page.User or Context.User contains a IsInRole("")
>>> method to query role membership
>>>
>>> i have a full working example of FormsAuth on my blog - this should
>>> get you started..feel free to ask more questions after you looked at
>>> the code.
>>> http://www.leastprivilege.com/PermaLink.aspx?guid=b0e51388-71d1-4a6f
>>> -98d0-bc8cfbec4c3a
>>>
>>>> Eh, PassPort is cool but I not necessary for me so I don't care
>>>> enough to ask.
>>>>
>>>> I've been reading through MSDN articles pertaining to these but my
>>>> questions can't seem to get answered with MS Docs. Any help and
>>>> clarity is greatly appreciated!
>>>>
>>>> Thanks!
>>>>
>>>> David Lozzi
>>>>

wrote in message news:623661632574976692376912@news.microsoft.com...
> Hello David,
>
> you could stuff them in the cookie (see my SetAuthCookie method) - but
> keep in mind that a cookie is limited to 4KB)
>
> System.Web.Cache would be another option...
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> I said I can't seem to pull the other data, that is because I can't
>> seem to add it.
>>
>> "David Lozzi" <dlozzi@(removethis)delphi-ts.com> wrote in message
>> news:%23P5nSXVjFHA.3544@TK2MSFTNGP15.phx.gbl...
>>
>>> Thank you for your help! It helped a lot. I got my sample app here:
>>>
>>> users are redirected to login.aspx. After entering username and
>>> password, formsauthentication is taken care of and cookies and all
>>> that stuff. After this is happy, it then redirects the user to
>>> default.aspx, at which point I can pull the user's username
>>> (context.user.identity.name).
>>>
>>> I can't seem to figure out how to pull the remaining information
>>> about the user, security level, full name, email addy, etc. This is
>>> usually stored in a session state but I see no session info in this.
>>> I can think of one possible solution, and that would be to query the
>>> database everytime I needed this information. Is this a good idea? Is
>>> this better than a session state?
>>>
>>> Thanks!
>>>
>>> David Lozzi
>>>
>>> "Dominick Baier [DevelopMentor]"
>>> <dbaier@pleasepleasenospamdevelop.com> wrote in message
>>> news:621141632574614842703824@news.microsoft.com...
>>>
>>>> Hello David,
>>>>
>>>> inline
>>>>
>>>> ---------------------------------------
>>>> Dominick Baier - DevelopMentor
>>>> http://www.leastprivilege.com
>>>>> Howdy,
>>>>>
>>>>> I've written a few apps already and I have done custom
>>>>> authentication like so: prompt for user name and password, verify
>>>>> information against SQL table, then load returned username, ID,
>>>>> security, etc. into session state. This works and frankly I'm not
>>>>> sure why i'm posting this except for that I want to be 'correct' in
>>>>> my apps.
>>>>>
>>>>> I notice .Net supports Authentication Modes. Which is the better
>>>>> one to use? I have a basic understanding of each provider and it
>>>>> appears that the Forms Authentication Provider is the preferred
>>>>> method? Using Forms, how do I specify the database table in SQL to
>>>>> use? Also, once validated, it loads the user information into a
>>>>> cookie for later retrieval. Can I load more information into this
>>>>> cookie, like custom security levels, etc. Currently, I basically
>>>>> have a range from 1 through 10 specifying security levels, will
>>>>> this still work or does Forms process security itself?
>>>>>
>>>> You do that manually - you have to provide a login page - and handle
>>>> the login button click event - then you go to a datastore and
>>>> validate credentials. The authentication cookie contains a
>>>> 'UserData' field where you can store arbitrary additional
>>>> information, e.g. Roles or what you call Security Levels. Upon each
>>>> request then you create a IPrincipial implementation and attach it
>>>> to the current thread.
>>>>
>>>>> Same questions with Windows Auth. I've used Windows Auth in some
>>>>> legacy ASP apps and was able to determin security levels by a users
>>>>> membership to domain groups. Does this provider work the same? How
>>>>> do I read the security information?
>>>>>
>>>> Regardless of what AuthType you use - the IPrincipal which is
>>>> accessible through Page.User or Context.User contains a IsInRole("")
>>>> method to query role membership
>>>>
>>>> i have a full working example of FormsAuth on my blog - this should
>>>> get you started..feel free to ask more questions after you looked at
>>>> the code.
>>>> http://www.leastprivilege.com/PermaLink.aspx?guid=b0e51388-71d1-4a6f
>>>> -98d0-bc8cfbec4c3a
>>>>
>>>>> Eh, PassPort is cool but I not necessary for me so I don't care
>>>>> enough to ask.
>>>>>
>>>>> I've been reading through MSDN articles pertaining to these but my
>>>>> questions can't seem to get answered with MS Docs. Any help and
>>>>> clarity is greatly appreciated!
>>>>>
>>>>> Thanks!
>>>>>
>>>>> David Lozzi
>>>>>
>
>
>