ASP.Net User Config or SQL Server User Authentication?

Posted on 2009-04-15
Last Modified: 2012-05-06
Hello everyone,
I have a login control on my webpage and wish to ask: is authenticating the user by making use of ASP.Net Security Configuration the better approach, or is making use of SQL Server to store user info and then comparing and authenticating the user accordingly the better approach? It would be great if someone could help in this regard by comparing them on the basis of security, simplicity, maintainability and programmability.
Question by: jhawarmayank
    LVL 3

    Expert Comment

    Essentially, they are both the same. ASP.NET Security is creating a database entry for the users and comparing them using the built-in classes. If the ASP.NET user controls have everything you need, then by all means use them; it will be easy to maintain and there is a lot of support for it. If there is something that it lacks, then I recommend using the interfaces for Membership and Role Providers to create your own providers that follow your database schema. This will allow for the use of ASP.NET login and user controls without having to install their tables and stored procedures.
    LVL 5

    Accepted Solution

    Depends on the number of users. Is it a typical site where new users frequently register themselves or is it mainly a site where few users are registered and it is usual that new, perhaps unknown users register?

    If it's a public site, I would have used a database solution. Here's why:
    Security: Like everything, it's really up to how you make it yourself. Remember to block hacks like SQL injection and cross-site scripting. Hash sensitive data.
    Simplicity: Once you have made it, it's simple. Once again, depending on how cleverly you create it.
    Maintainability: It's a public site, so it could have many members. Databases are specifically made for storing a lot of data. You don't need to involve yourself when new users register. It's very flexible and easy to expand further.
    Programmability: As mentioned, once you have made a good solution, everything gets easy. Besides, flexibility is key here.

    By using a login control you avoid writing a lot of code, which is the purpose. I would have picked this solution if it's a site with few, known users, or if I had to develop something fast. If your site has a chance of expanding in the future, you would perhaps find yourself in a situation where you need to convert to a database solution anyway. The login control is initially "more" secure, but once you have taken the precautions of blocking known and popular hacks, and use hashing of sensitive data, then the database is more than equal to the login control. The ASP.NET engine also has security built in anyway when it comes to the use of databases, so already from the start you have some basic good protection.
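
The two precautions named in the answer above (blocking SQL injection, hashing sensitive data) can look like this in a hand-rolled SQL Server user store. This is an added example, not code from the thread; the `dbo.Users` table, its columns and the `SqlUserStore` class are hypothetical, and it assumes .NET Framework 4.7.2 or later for the SHA-256 overload of `Rfc2898DeriveBytes`.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
// Hypothetical table: dbo.Users(UserName nvarchar(256) PRIMARY KEY,
//   PasswordHash varbinary(32), PasswordSalt varbinary(16), Iterations int)
public static class SqlUserStore
{
    private const int SaltBytes = 16, HashBytes = 32, Iterations = 100000;
    // PBKDF2-HMAC-SHA256; the per-user salt and iteration count are stored with the hash.
    private static byte[] Derive(string password, byte[] salt, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }
    public static void Register(SqlConnection conn, string userName, string password)
    {
        var salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        const string sql = "INSERT INTO dbo.Users (UserName, PasswordHash, PasswordSalt, Iterations) VALUES (@u, @h, @s, @i)";
        using (var cmd = new SqlCommand(sql, conn))
        {
            // User input travels only as typed parameters, never concatenated into the SQL text.
            cmd.Parameters.Add("@u", SqlDbType.NVarChar, 256).Value = userName;
            cmd.Parameters.Add("@h", SqlDbType.VarBinary, HashBytes).Value = Derive(password, salt, Iterations);
            cmd.Parameters.Add("@s", SqlDbType.VarBinary, SaltBytes).Value = salt;
            cmd.Parameters.Add("@i", SqlDbType.Int).Value = Iterations;
            cmd.ExecuteNonQuery();
        }
    }

    public static bool Validate(SqlConnection conn, string userName, string password)
    {
        const string sql = "SELECT PasswordHash, PasswordSalt, Iterations FROM dbo.Users WHERE UserName = @u";
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@u", SqlDbType.NVarChar, 256).Value = userName;
            using (var r = cmd.ExecuteReader())
            {
                if (!r.Read()) return false;   // unknown user
                var stored = (byte[])r["PasswordHash"];
                var actual = Derive(password, (byte[])r["PasswordSalt"], (int)r["Iterations"]);
                // Compare without an early exit so timing does not reveal how many bytes matched.
                int diff = stored.Length ^ actual.Length;
                for (int i = 0; i < stored.Length && i < actual.Length; i++) diff |= stored[i] ^ actual[i];
                return diff == 0;
            }
        }
    }
}
```

`Validate` can back the `ValidateUser` override of a custom `MembershipProvider`, which is the route the first comment recommends for keeping the built-in Login control on top of your own schema.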
