Home/ Questions/Q 8098425
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T22:04:34+00:00

I know this question as been asked countless times, but believe me I’ve searched

  • 0

I know this question as been asked countless times, but believe me I’ve searched Google for hours and got nothing. Whatever is out there, it’s for MVC, which I’m not using.

My requirement is simple. I do not want to use the default authentication provided in asp.net. I would store the username/password/role in my custom SQL Server table. I’ll provide 2 inputs for username/password and a button to validate. On validation, he is allowed access to the admin areas. This will only be used by admin guys at my subdomain “admin.*.com”. They will use this page to add content to the website on daily basis.

  1. How do I implement it. A tutorial link would suffice.
  2. Is it safe for Production? I don’t want some newbie hacker getting in to my site and mess it up. If not safe, what else option do I have.

Thanks,
Dev

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    As per our comments, given your reluctance to implement an ASP.Net Membership provider (and it is worth the time to investigate – you may not feel that it is right now, but it can be handy. I felt the same way at first, but the cost of maintaining your own code and infrastructure soon proves to be false economy) you have at least two other choices:

    1) Straightforward Forms Authentication

    Put all of your admin pages under a single folder, for example, /Admin, then use Forms Authentication to protect access to this folder. Only users defined in the database or Web.Config will have access to these pages. This is less flexible than ASP.Net membership, but may give you most of what you want. In terms of security, this will be as secure as your website is, is well tested, and is well documented.

    2) Use Facebook OAuth

    You mentioned that your use has access to Facebook. You could use Facebook to do the authentication for you. Although you wont be able to grab the username and password, you can get a token back, that you can then validate against a known permission set. This is a lot more work than 1) though and will tie you to potential future changes in the Facebook API. However, it also benefits from being well tested, and secure, but you have little to no control over the actual user information.

    As an aside, please also consider being nicer to Google!

    • 0