• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 329
  • Last Modified:

ASP.Net User Config or SQL Server User Authentication?

Hello everyone,
I wish to ask , that I have a asp.net login control on my webpage. So, is authenticating the user by making use of ASP.Net Security Configuration a better approach or making use of SQL Server to store user info and then comparing and authenticating the user accordingly a better approach? It would be great if someone could help in this regard by comparing them on the basis of security, simplicity, maintainability, programmability parameters.
1 Solution
Essentially, they are both the same.  ASP .NET Security is creating a database entry for the users and comparing them using the built in classes.  If the ASP .Net user controls have everything you need then by all means use them, it will be easy to maintain and there is a lot of support for it.  If there is something that it lacks then I recommend using the interfaces for Membership and Role Providers to create your own providers that follow your database schema.  This will allow for the use of ASP .NET login and user controls without having to install their tables and stored procedures.
Depends on the number of users. Is it a typically site where new users frequently register themselves or is it mainly a site where few users are registered and it is usual that new, perhaps unknown users register?

If it's a public site, I would have used a database solution. Here's why:
Security: like everything, it's really up to how you make it yourself. Remember to block for hacks like sql injection and cross site scripting. Hash sensitive data.
Simplicity: Once you have made it, it's simple. Once again, depending how clever you create it.
Maintainability: It's a public site, it could have many members. Databases is specifically made for storing alot of data. You don't need to involve yourself when new users registers. It's very flexible and easy to expand further.
Programmability: As mentioned, once you have made a good solution, everything get's easy. Besides, flexibility is a key here.

By using a login control you avoid doing alot of code, which is the purpose. I would have picked this solution if it's a site with few, known users, or if I had to develop something fast. If your site has a chance of expanding in the future, you would perhaps find yourself in a situation that you need to convert to a database solution anyway. The login control is initially "more" secure, but once you have taken the precautions with blocking known and popular hacks, and use hashing of sensitive data, then database is more than equal to the login control. The ASP.NET engine also have security build in anyway when coming to use of databases, so already from start you have som basic good protection.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now