
asp with membership/login


John

Sep 10, 2006, 2:47:08 AM
Hi

Is it possible to use asp.net membership/login control with pure asp i.e.
user logs in using login control and then asp can use it somehow? Is there a
code example somewhere?

Thanks

Regards


Siva M

Sep 10, 2006, 7:16:52 AM
IMHO, No.

"John" <Jo...@nospam.infovis.co.uk> wrote in message
news:ui7gwTK1...@TK2MSFTNGP03.phx.gbl...

Dominick Baier

Sep 10, 2006, 11:43:29 AM
Hi,

Yes, you can do that - ASP.NET 2.0 has some plumbing to do forms authentication
and then bounce the requests to the ASP ISAPI - I wrote a little bit about
it here:

http://www.leastprivilege.com/ProtectingNonASPNETResourcesWithASPNET20.aspx

(especially the 2nd part about DefaultHttpHandler)

One problem though: to communicate username and roles to ASP, you have
to use HTTP headers. But you also have to protect them, e.g. using a MAC.
Otherwise someone from the outside could send bogus headers with the same
name and do a privilege escalation attack.

I have detailed all steps in my upcoming book (sorry, available in 2 weeks)
http://www.microsoft.com/mspress/books/9989.asp

But feel free to ask.

---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com
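
The header protection described in the reply above, as an added example that is not part of the original thread or of the linked article: a language-neutral Python sketch of both sides, where the front end strips client-supplied identity headers and attaches HMAC-protected ones, and the back end verifies them before trusting the user name and roles. The header names, the 60-second lifetime and the shared key handling are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Hypothetical header names; any names work as long as both sides agree.
H_USER, H_ROLES, H_TIME, H_MAC = "X-Auth-User", "X-Auth-Roles", "X-Auth-Time", "X-Auth-Mac"
MAX_AGE = 60  # seconds a signed header set stays valid (assumed policy)


def _mac(key: bytes, user: str, roles: str, ts: str) -> str:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") never
    # produce the same MAC input.
    msg = b"".join(
        len(f.encode()).to_bytes(4, "big") + f.encode() for f in (user, roles, ts)
    )
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_identity(key, inbound, user, roles, now=None):
    """Front end: drop client-supplied identity headers, then add signed ones."""
    ts = str(int(time.time() if now is None else now))
    reserved = {h.lower() for h in (H_USER, H_ROLES, H_TIME, H_MAC)}
    out = {k: v for k, v in inbound.items() if k.lower() not in reserved}
    role_str = ",".join(sorted(roles))  # assumes role names contain no commas
    out.update({H_USER: user, H_ROLES: role_str, H_TIME: ts,
                H_MAC: _mac(key, user, role_str, ts)})
    return out


def verify_identity(key, headers, now=None):
    """Back end: return (user, roles) only if the MAC and timestamp check out."""
    try:
        user, roles, ts, mac = (headers[h] for h in (H_USER, H_ROLES, H_TIME, H_MAC))
        age = (time.time() if now is None else now) - int(ts)
    except (KeyError, ValueError):
        return None  # missing header or non-numeric timestamp
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    if not hmac.compare_digest(_mac(key, user, roles, ts).encode(), mac.encode()):
        return None
    if not 0 <= age <= MAX_AGE:
        return None  # stale or future-dated: limits replay of captured headers
    return user, [r for r in roles.split(",") if r]
```

The timestamp is covered by the MAC, so a captured header set stops verifying once it is older than `MAX_AGE`.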
