Recommendation
-
I'm in the process of building my first n-tier software package. However, I'm kind of stuck on a design decision. I posted in the C# forum since this is the language I am using; however, the responses will most likely be algorithmic and language agnostic.

So here is the issue (VERY basic) I'm sure... Each user needs to be logged into the program in order to use it. I'm going to use a basic username/password authentication scheme; however, how would I implement this? I've never done anything like this before and I am not a professional.

My first idea was to keep a SQL2005 table of users with information for each user such as password and other personal information. I was going to use SqlCommand() to do a select query where the username and password match on a character by character basis. Is this the best, or at least an "ok" way to do this? How is authentication "normally" implemented using .NET?

Thanks,
John
-
I am not sure I would say anything is the normal way. Username/Password is common, but never store or send the password in clear text. Encrypt it in some way, MD5 hash is common but can be broken (as most methods can be). Another option is if all machines are on the same domain. Use Windows authentication; this fails if users leave and do not password lock their machines, however. In some cases I have also read machine information (MAC address, etc.) and allow user X to only come via machine Y. Depends on what you are looking for.

In any event, along with the username/password fields have fields for last login time/date and number of login failures. If unused for x days, lock the account or if x unsuccessful attempts also lock the account.

"Every new day begins with possibilities. It's up to us to fill it with things that move us toward progress and peace." (Ronald Reagan)
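An added example, not part of the reply above: the stored-hash check together with the last-login and failure-count fields the reply recommends. It uses salted PBKDF2 in place of the MD5 the reply mentions; the class and field names, the policy constants, and .NET 6 or later are assumptions.

```csharp
using System;
using System.Security.Cryptography;

// Demo with a constructed credential: one good login, then five failures lock the account.
var now = DateTime.UtcNow;
var user = Auth.Create("correct horse battery", now);
Console.WriteLine(Auth.Login(user, "correct horse battery", now));
for (int i = 0; i < 5; i++) Auth.Login(user, "wrong guess", now);
Console.WriteLine(Auth.Login(user, "correct horse battery", now));

// Hypothetical row of a Users table; all names here are assumptions.
class UserRecord
{
    public byte[] Salt = Array.Empty<byte>();
    public byte[] Hash = Array.Empty<byte>();
    public int FailedLogins;
    public DateTime LastLoginUtc;
    public bool Locked;
}

static class Auth
{
    const int Iterations = 210000, MaxFailures = 5, MaxIdleDays = 90; // assumed policy values

    // Salted PBKDF2-HMAC-SHA256; only the salt and derived hash are stored.
    static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, 32);

    public static UserRecord Create(string password, DateTime nowUtc)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16); // fresh random salt per user
        return new UserRecord { Salt = salt, Hash = Derive(password, salt), LastLoginUtc = nowUtc };
    }

    public static bool Login(UserRecord u, string password, DateTime nowUtc)
    {
        // Lock accounts left unused too long, and refuse locked accounts outright.
        if ((nowUtc - u.LastLoginUtc).TotalDays > MaxIdleDays) u.Locked = true;
        if (u.Locked) return false;
        // Constant-time comparison of the derived hash against the stored one.
        if (CryptographicOperations.FixedTimeEquals(Derive(password, u.Salt), u.Hash))
        {
            u.FailedLogins = 0;
            u.LastLoginUtc = nowUtc;
            return true;
        }
        if (++u.FailedLogins >= MaxFailures) u.Locked = true;
        return false;
    }
}
```

With a database behind it, the row would be fetched by username through a parameterized SqlCommand and the password checked in code as above, rather than matched inside the SELECT.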
-
You want to read up on implementing an extension of the Microsoft Provider from MSDN (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspp/html/ASPNETProvMod_Intro.asp). After reading and understanding that you can then go through an example here on CP that uses MySQL vice SQL Server (http://www.codeproject.com/aspnet/mysqlmembershipprovider.asp).

hth
Al
-
Why not just require they log into their Windows account and assume they are therefore authenticated? Anyone who thinks he has a better idea of what's good for people than people do is a swine. - P.J. O'Rourke