ASP.NET Authentication and Scalability [modified]

    Waleed Eissa wrote (#1):

    Hi Gurus, I'm trying to create a website with scalability in mind but I'm a little stuck with ASP.NET authentication (Forms Authentication) because I simply don't know much about its internals. I wonder how high traffic websites like myspace.com handle authentication. Most pages in my application are public (i.e. accessible to anyone, authenticated or not); only a few pages are only available to authenticated users. I'm basically trying to find answers to these questions:

    - As far as I understand from the documentation, ASP.NET Forms Authentication authenticates every request, i.e. checks for the authentication cookie and, if found, extracts the authentication ticket and decrypts it. Is my understanding correct? And if so, can't this potentially affect performance, esp. the decryption part? Is this needed for renewing the authentication cookies? (As I believe the ticket issuance time is saved inside the ticket, so probably the cookie has to be decrypted anyway to get the ticket issuance time from the ticket, then compare this to the current time and decide whether the cookie has to be renewed.) If this is an absolute necessity (I'm talking about authenticating every request for the sake of cookie renewal), can we use an encryption algorithm with low overhead (in web.config, authentication element), still efficient? Which encryption algorithm would you recommend in this case?

    - Is there any way I could make ASP.NET only authenticate requests to protected pages (= pages that are only accessible to authenticated users)? BTW, in my application I don't use roles; I only make those pages accessible to any authenticated user. Actually I read somewhere that I could write the code needed to authenticate the user only in those protected pages, but I wonder whether I will have to handle cookie renewal in this case (this is one thing that's automatically handled by ASP.NET Forms Authentication).

    - Any ideas how I can get the last login with a persistent cookie? In my application I want to allow users to use the "remember me" option (which will send a persistent cookie to the user's computer). Now the user doesn't log on explicitly anymore, so I can't put my code that saves the last login to the database in the login page, hence it's not used by the user anymore, so how can I do this? I'm thinking about one way to do it but I'm a little worried about how this could impact performance. Anyway, here's how: in my application I need some user related data so I could probably get the data from the database whenever a user with
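
The second question above (validating the ticket only on protected pages and handling renewal there), as an added example that is not part of the original post or of ASP.NET itself. `ProtectedPage` is a hypothetical class name, and the code assumes the built-in Forms Authentication module is not already validating the cookie on every request; the ticket keeps its configured encryption and validation.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Hypothetical base class: only pages that inherit from it pay for ticket decryption.
public class ProtectedPage : Page
{
    protected override void OnInit(EventArgs e)
    {
        HttpCookie cookie = Request.Cookies[FormsAuthentication.FormsCookieName];
        FormsAuthenticationTicket ticket = null;
        if (cookie != null && !string.IsNullOrEmpty(cookie.Value))
        {
            try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
            catch (ArgumentException) { }       // malformed cookie value
            catch (CryptographicException) { }  // tampered value or wrong machine key
        }
        if (ticket == null || ticket.Expired)
        {
            // RedirectToLoginPage does not end the request by itself.
            FormsAuthentication.RedirectToLoginPage();
            Response.End();
            return;
        }
        if (FormsAuthentication.SlidingExpiration)
        {
            // Yields a later expiration only once more than half the timeout has elapsed.
            FormsAuthenticationTicket renewed = FormsAuthentication.RenewTicketIfOld(ticket);
            if (renewed.Expiration != ticket.Expiration)
            {
                var fresh = new HttpCookie(FormsAuthentication.FormsCookieName,
                                           FormsAuthentication.Encrypt(renewed));
                fresh.HttpOnly = true;
                fresh.Secure = FormsAuthentication.RequireSSL;
                fresh.Path = FormsAuthentication.FormsCookiePath;
                if (renewed.IsPersistent) fresh.Expires = renewed.Expiration;
                Response.Cookies.Add(fresh);
                ticket = renewed;
            }
        }
        // Expose the authenticated identity to the rest of the page.
        Context.User = new GenericPrincipal(new FormsIdentity(ticket), new string[0]);
        base.OnInit(e);
    }
}
```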
