Question about membership/security

Cirene · Apr 30, 2008

I am creating an ASP.NET 2.0 website. Rather than using all the membership
functions I wanted to just create my own SQL Server db and use SESSION vars
to track if the user is logged in etc...

Is doing it in this way just as secure? I know that the "membership" stuff
will save me some coding, but I was just thinking....

Thanks.

Cowboy \(Gregory A. Beamer\) · Apr 30, 2008

Cirene said:
I am creating an ASP.NET 2.0 website. Rather than using all the membership
functions I wanted to just create my own SQL Server db and use SESSION vars
to track if the user is logged in etc...

If you have a custom database schema you wish to use, you can still use
Membership. Just create your own custom provider.

Is doing it in this way just as secure?

The Session stuff is encrypted, so it should be secure enough. The
Membership bits still send encrypted information to the client, so it is
probably pretty equivalent.

I know that the "membership" stuff will save me some coding, but I was
just thinking....

A lot of coding. A lot of missed bugs. Etc.

Before rewriting the entire authentication system, I would look at creating
your own custom provider.
http://www.devx.com/asp/Article/29256
http://www.15seconds.com/issue/050216.htm

Google "Custom Membership Provider" and you should find a lot of additional
articles.

Question about my projects	3	Jul 23, 2021
membership	1	Jun 9, 2009
LoginView & ASP.NET Membership help	0	Aug 25, 2009
Using Session to handle Membership - Secure enough?	1	Sep 16, 2008
Forms authentication and membership	0	Jun 25, 2010
Membership permissions after publishing an ASP.NET Membership site.	2	Jun 16, 2008
Asp.net membership security in VB.net?	1	Jun 5, 2006
Advice needed (ASP.NET membership)	14	Jul 13, 2009

Question about membership/security

Cirene

Cowboy \(Gregory A. Beamer\)

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads