Dreamweaver ASP.NET User Management Systems: Creating Custom Encrypted Authentication Tickets

In the other tutorials in this series we explored the ASP.NET security model and utilizing it to build rich featured User Management Systems using Dreamweaver. We learned how to use the web.config file to configure security on ASP.NET web application. We learned how to authenticate a user using Forms Authentication method. We learned how to create cookie to hold a user’s role and how to create a custom Generic Identity object to maintain the user’s role authorization from one request to another. Finally we learned how use the role information and Generic Identity object to programmatically control our user experience. In this final tutorial in the series, we will build upon prior discussions as we take over the Forms Authentication Ticket creation process to create our own custom authentication ticket and encrypt it using the ASP.NET FormsAuthentication class. That said, this tutorial stands on it’s own in the presentation of the topics covered.

Before you get too involved, let’s see if you’re ready. This tutorial makes assumptions about your skill level--that is, this tutorial is intended for intermediate users. If you’ve never configured a new site in Dreamweaver, never configured a database connection string, or never used the Dreamweaver database connectivity tools, this tutorial is probably not for you as you’ll need to be familiar with these concepts and techniques. If you have done these things but have very little or no experience hand coding, writing SQL statements, using the Dreamweaver advanced Dataset Dialog, don’t worry we’re doing this together and I’ll do my part to bring you along.

Overview

ASP.NET Security Review

The ASP.NET platform security is built around the concepts of authentication and authorization. As you may recall the concept of Authentication is ensuring the user is who they say they are—usually via a username/password challenge; and the concept of Authorization is determining the user’s privileges or Role(s) within the application, i.e. Guest, User, Administrator.

Security in the ASP.NET Framework is handled by the System.Security namespace which includes the methods one needs to secure ASP.NET web applications, including cryptography, management for the ASP.NET runtime, and authentication and authorization of users. The ASP.NET platform has out of the box support for Windows Authentication, Passport Authentication, and Forms Authentication.

Now that we’ve briefly reviewed concepts and options involved in creating user logins, let’s look at the code we’ll use to accomplish this using the built in support for Forms Authentication, the web standard, in the Asp.Net System.Security namespace.

James Threadgill

James Threadgill has authored numerous tutorials on ASP and ASP.NET web development, published on such sites as the Dynamic Zones and MSDN Accademic Alliance. He co-authored the Sam's book Dreamweaver MX: ASP.NET Web Development.

James first began computer programming in 1995 while attending Alvin Community College. He completed a certificate of computer science program and an Associate of Arts degree at Alvin before going on to the University of Houston-Clear Lake where he was awarded a Bachelor of Science and a Master of Arts.

James publishes fiction, poetry, and visual arts under the name Wayne James. His fiction first appeared in Raconteur in 1995 and since has been published numerous times: in Hadrosaur Tales 5 and 7, Bayousphere, and in the Write Gallery e-zine. His poetry first appeared in the small press magazine Lucidity in 1996 and has been published numerous times since. His collection of fiction and poetry, When Only the Moon Rages, was released in 2000. Most recently his work appeared in Tales of the Talisman winter 2010 and spring 2011 issues. James currently attends graduate school at the University of Houston and owns and operates small web design and internet marketing firm, WWWeb Concepts, with his wife, Karen, in Houston, TX USA.

See All Postings From James Threadgill >>

Reviews

Be the first to write a review

You must me logged in to write a review.