.NET Framework - I don't want to re-invent the Login/Login Wheel - Help with utilities

Asked By tjdarth on 07-Feb-08 08:43 PM
Hey guys, I am starting a small project for a friend who expects to have
users do a normal logon process using UserName & Password variables. I want
to save some time and find a reliable piece of code with encrypt/decrypt
capabilities that has been written in either C# or VB.Net that would could
be easily incorporated into my application. If there is a link that could be
provided or other sources that you might think of, it would be appreciated.

Thanks in advance . . .




Norman Yuan replied on 08-Feb-08 09:59 AM
Is this project a Win form app or ASP.NET app? Is the logging in process for
authentication only, or for both authentication and authorization? If it is
win form app, shoudn't the user have to log into his computer? So, the user
should be considered authenticated. If it is ASP.NET, yu could use Windows
authentication, so no logging in is required; if you choose Form
authentication, ASP.NET2.0 has built-in login control to use. Unless you
have very unique requirement, you to not need re-invent a simple wheel. But
you can always choose to re-invent a rounder/fancier wheel to suit your
special need.
tjdarth replied on 08-Feb-08 02:08 PM
Thanks Norman for the quick response. Currently my client and I have agreed
to make this an ASP.NET application because we are working with limited
funds and would like to allow only select clientel to access our SQL
database thru an ISP provider. We also agree that carrying this data along
with other personal characteristic data for the user using this application
would allow us to have better control over how long a user could use the
same password. We feel that having the capability to force password change
would be a better benefit in securing our application and data access. That
was the reasoning behind asking about encryption/decryption methods.

I am currently trying to develop this ASP.NET application with VS 2003
.NET1.1 and Dreamweaver CS3.  My understanding is that moving up to
.NET2.0/3.0 or 3.5 would mean aquiring VS 2005 or VS 2008.  I also have a
valid copy of MS SQL 2000 which also means a possible move to a more current
version of SQL as well. These things I need to investigate as to how far I
can go with what I currently have.

I have been brainstroming about how to carry each users credentials for
verification purposes at login time. Both Windows authentication and
authorization wolud be be fine if we wanted the world to have access to our
application data, but not very intuitive for maintaining integrity over our
data. We actually would like to stay away from Win apps altogether partly
because this wolud mean maintaining software on multipule machines, which
could become cumbersome.

I greatly appreciate your feedback on this issue and hope you can share more
knowledge with us as we go forward with this venture.

Thanks again . . .

Tom J.
Norman Yuan replied on 08-Feb-08 05:35 PM
In the case of AS.NET app, being hosted by ISP, it is very likely the users
are not windows domain user. So, using Windows authentication is likely out
of connsideration.

Yes, if you use .NET1.1, there isn't built-in login control, and more
importanltly there isn't ready-to-use membership component to use. So, you
do have to re-invent the wheel of loging in/user membership logics, or you
need to find available third party code to use. I'd strongly suggested you
go with ASP.NET 2.0, which has built-in web app/site membership components,
which you can easily use it to manager users who access to your web
app/site. By default, the membership provider uses SQL Server or SQL Server
Express. It you go with that, make sure you do not know SQL Server/Express
well before rush into it (especially pay attention to avoid using SQL Server
Express User Instance when going through website adminstration wizard in
ASP.NET2.0).
tjdarth replied on 08-Feb-08 09:06 PM
Thanks Norman. It appears from your answer that by downloading & installing
ASP.NET 2.0, I will have the capability that I desire without too much of a
fuss. Do I understand you correctly that the installation of 2.0 framework
will work with VS 2003 or is that another mountain I have to climb?

Also I have done some snooping and notice that there are a variety of start
kits that offer some of the features that you have mentioned. Are you
familar wiht any and if so, which one would you recoment?

Again, thanks for your patience and help/
Tom J.
Norman Yuan replied on 10-Feb-08 06:51 PM
No, VS2003 only works with .NET1.1. You need VS2005 to work with
.NET2.0/ASP.NET2.0. (you can download VS Web Developer Express for free, if
you do not have full VS2005).




Never used them. But they are good samples to get started with.
tjdarth replied on 11-Feb-08 06:31 PM
Thanks aagain Norman. I am not at the either/or state of choosing between
VS2005 or VS2008. I again reviewed your answer concerning SQL Server in your
original response. It appears that what you are saying is that there will be
a curve to learning SQL Server Express that comes with VS2005 or VS2008, but
I can take advantage of my current SQL 2000 to develop my application using
the membership features of thes new VS2XXX products. If this is correct I am
probably ready to make the plunge.

Thanks, you have helped me tremendously . . .
Tom J.
Norman Yuan replied on 12-Feb-08 09:52 AM
SQL Server 2000 will be fine.
tjdarth replied on 13-Feb-08 03:38 PM
Thanks Norman. I dl'ed and installed VS2008 last nite with all of the
Framework updates. If you can help with thes questions I would appreciate:
1)  Is there an option to switch between 2.0 to 3.5 thru coding or
other manual methods?

2)  I noticed that each application has it's own IDE? Is this just
because it is free or is MS doing something
new & different?

3)  Where is a good place to look for configuring the SQL2005 that
was installed with VS2008?

Thanks again . . .
Tom J.