Newbie question on ASP.NET Forms Authentication
Hi all,
Before endeavoring to understand the ins and outs of Forms Authentication, I have a quick question.
I read the post here about the "Massive Vulnerability" ( http://discuss.joelonsoftware.com/default.asp?pg=pgDiscussThread&ixDiscussTopicParent=10446&ixDiscussGroup=3&cReplies= ), and I was wondering whether the ASP.NET forms authentication mechanism is really heavy duty enough to be relied upon if used carefully.
So, do people actually use it in the real world? If not, what do they use instead?
Thanks in advance.
Charles Reich
Thursday, April 21, 2005
Yep - people definitely use it, and with great success.
Security is just too hard to roll your own solution. Your chances of getting it right are slim to none.
Use forms authentication, use the latest OS, install the latest service packs (for everything), and pray hard - daily. ;)
Jeff Mastry
Friday, April 22, 2005
There is a trivial patch to the problem which MS posted the same day as the bug was reported.
http://support.microsoft.com/?kbid=887459
While googling for that link I discovered that there's a newer (March 16), presumably more server-wide solution discussed here:
http://www.microsoft.com/technet/security/Bulletin/MS05-004.mspx
Don
Friday, April 22, 2005
Thanks for the replies. I wanted to be doubly sure that it was reliable.
I found a PDF on the msdn website that was 600 pages long which describes "Building Secure ASP.NET Applications."
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetlpMSDN.asp
It seems like learning anything in .NET involves plowing through a 600 page tome.
Charles Reich
Saturday, April 23, 2005
I want to invoke the BASIC Authentication when I click on a button. Is it possible?
Ujjwal
Wednesday, May 4, 2005