.NET Authentication & Authorization

Posted on 2004-04-29
Last Modified: 2010-04-15
Hi All,

I'm in the process of designing a web application for the Internet (i.e., non-secure). I have to decide on the best authentication/authorization method for my scenario.

The scenario is as follows:

I have an arbitrary number of users using my application. Every user has to be authenticated. Each authenticated user belongs to a user group and each group has its own database and sub-application permissions. Each group will have access to some reports and other data outputs.

The main authentication methods are:

Windows - can not use as all internet users will require windows accounts
Passport - it's a 3rd party and pay service
Certificate - Not feasible here
Forms(cookies) - This will be a problem as cookies can be hacked and the user can gain full access.

The last one would be session variables.

1) What are the big pros and cons with this method?
2) Can a user just somehow hack his own session variables and destroy my authentication method?
3) Are there major restrictions on the session variables?

Thanks
Peter



Question by:Pete2003
2 Comments
 
Accepted Solution

by: msdixon earned 400 total points
ID: 10950510
i think you're confusing authentication schemes with user information storage

i would suggest using forms authentication, and storing session information in a session variable(s), and the database. you may use sql server for your session information storage (it's a minor web.config modification), and store other necessary info in the database. typically, i like to store as little information in sessions as possible (like a guid of the user id), and look up the information when i need it.
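
The setup suggested in the answer above, written out as a web.config fragment. This is an added example, not part of msdixon's post; it assumes ASP.NET 1.1 or later, and the cookie name, login page and database server name are placeholders.

```xml
<!-- Added example. Values marked "placeholder" are assumptions, not from the thread. -->
<configuration>
  <system.web>

    <!-- Forms authentication: the browser cookie carries only an authentication
         ticket. protection="All" makes ASP.NET both encrypt the ticket and
         validate it with a MAC, so a ticket edited on the client is rejected.
         requireSSL="true" marks the cookie Secure, so it is only sent over HTTPS. -->
    <authentication mode="Forms">
      <forms name=".APPAUTH"
             loginUrl="Login.aspx"
             protection="All"
             requireSSL="true"
             timeout="20"
             slidingExpiration="true"
             path="/" />
      <!-- name and loginUrl above are placeholders -->
    </authentication>

    <!-- Every request must be authenticated; "?" means anonymous users.
         The loginUrl page itself stays reachable so users can sign in. -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- Session state held out of process in SQL Server. The browser only
         receives the session ID cookie; the session variables themselves
         (for example a GUID identifying the user) never leave the server,
         so a user cannot edit them directly. Group and permission data is
         looked up in the application database on each request. -->
    <sessionState mode="SQLServer"
                  sqlConnectionString="data source=SESSION-DB-PLACEHOLDER;Integrated Security=SSPI"
                  cookieless="false"
                  timeout="20" />

  </system.web>
</configuration>
```

SQLServer mode needs the ASPState database created first (the framework ships InstallSqlState.sql for this), and anything placed in Session must be serializable. With `requireSSL="true"` the login page and all authenticated pages have to be served over HTTPS.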
 

Author Comment

by:Pete2003
ID: 10953367
Thanks for the reply ...

I'm using Oracle as my database ... and I do not want to save the login information on the database since if I have a lot of simultaneous users it will cause congestion ... I would like to use Session variables ... I am however not very well versed there ... could you provide some links or some information on how to use the session variables with some examples if possible ...

Also, are session variables more safe & secure (relatively speaking) than other methods?

Thanks
Peter
Question has a verified solution.
