开发者

Best approach to store login credentials for website

问答 作者:

I have cre开发者_开发百科ated a site in ASP.NET 3.5 & I have only 2 or 3 user login IDs who can login to the website.

What would be the best way to save these login details? Which of these approaches, or others, would be most suitable?

  1. Using Forms Authentication, and saving credentials (username and password) in web.config
  2. to create a text file in directory and modify it

Which approach is best from a security and maintenance perspective? What other approaches are suitable for a login system for ASP.NET?

Use the default ASP.NET Sql Membership Provider. The link will show you how to used it and get it configured.

Do you already have a database? If so, use forms authentication and ASP.NET membership like everyone says. It is real simple to integrate into your current database (assuming it's sql server - i don't know about others). I realize adding a DB for 2 or 3 users isn't always an option due to budget or whatever so you can use forms authentication and store the user in the web.config. I've done this in the past and it is very simple.

Your web.config will look like:

<authentication mode="Forms">
    <forms loginUrl="Login.aspx">
        <credentials passwordFormat="Clear">
            <user name="myUser" password="password" />
        </credentials>
    </forms>
</authentication>

Then you can use the built in login controls. If you do it this way you need to implement the Autenticate event.

    protected void Login1_Authenticate(object sender, System.Web.UI.WebControls.AuthenticateEventArgs e)
    {
        string UserName = Login1.UserName;
        string Password = Login1.Password;

        if (FormsAuthentication.Authenticate(UserName, Password))
        {
            e.Authenticated = true;
        }
        else
        {
            e.Authenticated = false;
        }
    }

Of course this isn't the most secure way to go about this, and you'll probably want to at least look at encrypting the credentials in the web.config, but it is simple and works when a database isn't an option.

With ASP.NET you can use some of the built-in/provided authentication providers that let you manage the users in a database and it uses proper guidelines like hashing passwords, etc. by default.

You could use ASP.NET membership. Even though you won't have many users, it handles all of the authentication details for you.

继续阅读:asp.netforms-authentication

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9