CodeVerge.Net Beta


   Explore    Item Entry    Members      Register  Login  
NEWSGROUP
.NET
Algorithms-Data Structures
Asp.Net
C Plus Plus
CSharp
Database
HTML
Javascript
Linq
Other
Regular Expressions
VB.Net
XML

Free Download:
Zone: > NEWSGROUP > Asp.Net Forum > general_asp.net.security Tags:
Item Type: NewsGroup Date Entered: 10/25/2007 1:17:39 AM Date Modified: Subscribers: 0 Subscribe Alert
Rate It:
(NR, 0)
XPoints: N/A Replies: 2 Views: 14 Favorited: 0 Favorite
Can Reply:  No Members Can Edit: No Online: Yes
3 Items, 1 Pages 1 |< << Go >> >|
goodeye
Asp.Net User
Remembered but not yet authenticated10/25/2007 1:17:39 AM

0/0

Hi,
 
I've been refreshing myself on the Authentication/Authorization/Membership/Profiles for .net, to convert a website's login from asp to .net. I implemented a 1.1 authentication a while back.
 
I'm getting stuck though with using the .net controls and framework for our website though. The problem is we have 3 states: guest, follow, and user.
 
  • "guest" is where we don't know who you are at all. I think this is the anonymous state in .net
  • "follow" is our name for where we know you from a cookie, for 'safe' things like your favorites, but we'll require an explicit login for your order information and to check out. .net doesn't seem to have this state.  (we actually confuse things and call this anonymous... I'm calling it "follow" here for clarity)
  • "user" is an authenticated user. .net has this, either with an explict login, or through a remember-me cookie.
Our problem is this middle "follow" state. I can't find anything similar in .net. You're either anonymous or authenticated, and that's it.
 (We're considering dropping guest anyway for various reasons, so that may help - basically always put a cookie down to remember things about your visit).
 
I think we have a common scenario, so I'm hoping I'm just missing something - please let me know if this sounds familiar.
If I have to go looking for a custom session or cookie variable, then we might as well just port our existing logic, instead of using the framework.
 
 
Thanks,
Bob
XiaoYong Dai –
Asp.Net User
Re: Remembered but not yet authenticated10/26/2007 7:42:23 AM

0/0

Hi

Base on my understanding, "follow" is somewhat similar to "anonymousIdentification"  (a feature used primarily for Anonymous personalization) in ASP.NET 2.0. But it does not rhyme quite as your scenario. So I think you'd continue to practice the existing logic.

Best Regards
XiaoYong Dai
Microsoft Online Community Support

Please remember to click ?Mark as Answer? on the post that helps you, and to click ?Unmark as Answer? if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
goodeye
Asp.Net User
Re: Remembered but not yet authenticated10/26/2007 6:08:13 PM

0/0

Thanks - this will be good to keep learning to the .net features, but I think you're right about not quite fitting. We'll port the logic to start.

 
3 Items, 1 Pages 1 |< << Go >> >|


Free Download:

Books:
Organizational Data Mining: Leveraging Enterprise Data Resources for Optimal Performance Authors: Hamid R. Nemati, Christopher D. Barko, Pages: 371, Published: 2003
Blue Nippon: Authenticating Jazz in Japan Authors: E. Taylor Atkins, Pages: 366, Published: 2001
The Scarlet Letter Authors: Nathaniel Hawthorne, Pages: 192, Published: 2004

Web:
Two-factor authentication - Wikipedia, the free encyclopedia Despite the security advantages of strong authentication its adoption is not yet widespread. A 2007 study by Celent reports that the year 2006 was dismal in ...
asp:login control help - ASP.NET Forums Note : the mentioned setting will make cookie expires after 5 days , but it will not make sure that the user will stays authenticated in ...
draft-ietf-tls-passauth-00 A server that does not support shared-key authentication will simply ignore .... that the original password need not be remembered by anyone but the client. ...
Authentication and Session Management on the Web This has not yet been implemented in any web browsers. ...... Issue this checklist to all web developers, but remember: the checklist alone is not. enough. ...
Feedback: 'Remember Password' option is not remembered in ... When I tested this, the checkbox did indeed not remain checked, but it did remember the password. The checkbox looks out of place to me. ...
www.exim-new-users.co.uk - Section 33 - SMTP authentication The option is not used as part of the authentication process; instead its ( unexpanded) value is remembered for later use. How it is used is described in the ...
NTLM authentication? | drupal.org active directory is supported, but not NTLM ... pay for this enhancement as it is non-trivial. i have not yet looked at this closely though. ...
Team Foundation Server (TFS) 2008 and Authenticated SMTP - A Travesty Jun 13, 2008 ... Yet the code checks non-existent attributes for authentication information. ... Not a great solution, but it works. For TFS Web Access, ...
Authentication for Games Thus, you have to secure the login attempt using some kind of encryption -- but it's not clear what you should use as a key to achieve good security. ...
[#JBPORTAL-2191] "Half-authentication" mode - jboss.org JIRA ... "half-authenticated" feature, where the user coming back on a website would be remembered but won't have access to sensitive data or to modify important ...

Videos:
Leveraging India As India Stands Up Google TechTalks May 25, 2006 Ashok Jhunjhunwala Prof. Ashok Jhunjhunwala is Professor of the Department of Electrical Engineering, Indian Institute...
A New Way to look at Networking Google Tech Talks August 30, 2006 Van Jacobson is a Research Fellow at PARC. Prior to that he was Chief Scientist and co-founder of Packet Design. P...
Core Patterns for Web Permissions Google TechTalks July 19, 2006 Tyler Close Visiting Scientist Hewlett-Packard Laboratories Mr. Close is a researcher and developer, working in the...
www.moldytoaster.com as repugnant to him to behold. He felt himself emptied, useless, put out of joint with his past life, turned out, dissolved. Authority was dead withi...
How To Break Web Software - A look at security vulnerabilities in web software Google TechTalks April 13, 2006 Mike Andrews Mike Andrews is a senior consultant who specializes in software security and leads the web application...
django: Web Development for Perfectionists with Deadlines Google TechTalks April 26, 2006 Jacob Kaplan-Moss ABSTRACT Django is one of the premier web frameworks for Python, and is often compared to Ruby-on...
www.moldytoaster.com ty, haughty court dames, and smiling city beauties, come like delicious phantoms, and fill my mind with images graceful as your own forms, and meltin...
www.moldytoaster.com re in a galaxy to some provincial Belle Vue-terrace or Prospect-place; where they endeavour to forestall the bachelors with promiscuous orange-blosso...
www.moldytoaster.com . Do you know that I should have had a bailiff and a protest after me? You played the mouse-trap nicely with your young ones." "Without suspecting i...
www.moldytoaster.com ! That man who was here last night has stolen it." In a twinkling, with all the vivacity of an alert old woman, Madame Magloire had rushed to the or...




Search This Site:










generating reports!!!! [8-)]

file sizes

i can't access the "website menu, click asp.net configuration"

asp:wizard security

personal.mdf

help with bits

images and stylesheet not found in preview

unable to assign edit capability to text/html modules

new to webparts - having trouble deleting webpart

adding times

ceating pdf document in .net

dnn 3.0.12 resourcepack.cs-cz + searchresults settings fix

adding module definition error

how to create a checkboxlist with cs?

css disappears on reload of aspx page

how to connect to mssql server from iis?

rtrim off characters after somepage.aspx string

2.0: how to loop through all objects in me? for each obj as object in me doesen't work.

parsechildrenattribute and template

custom module

problem in using context.server.transfer(string url) method

is it possible to use physicalapplicationpath in the application object?

large website best practices

hotmail style new items in a different colour on a datagrid

fast help! webclient.downloadfile() premature stream termination

connecting to webservice

hown can i store profile in sql server 2000 rather than in sql 2005 express?

windows authentication with active directory

to hide a pane for the users.

how to purge the data ...
 
All Times Are GMT