This is my first foray into building a secure web application. It will be on the internet, and it comprises an IIS server (hosted by ISP) and SQL 2008 db (Also hosted by ISP.
As a quick and dirty test I am just using the template in Visual Studio. I have configured authentication by just using the wizard on the ASP.NET configuration tool. However, this creates a database that is hidden within the web app.
I would prefer to keep the user credentials on the SQL server, as it seems like best practice to allow for scalability. However, how do I do this? I have limited access to the database – I can create tables, but don’t think I’ll be able to run any tools on the server to create the right schema. Can anyone point me in the right direction? Done some googling, but keep seeing ASP.NET 1.1 articles, which makes me think I may be missing something, and there is a better way of doing this in ASP.NET 4.0.
You don’t “have to” use the entire ASP.Net Membership framework to use Forms Authentication. It does a lot of the plumbing for you (security, etc), so if you can, it’s probably best you use it – more so, if you’re getting started.
You can use Forms Authentication with any auth scheme you want (pre-existing or something you create yourself). Here’s an overly simplistic sample where you can see that you can even hard-code the auth scheme (not that you should, but it shows you the possibilities).
Lastly, if you can’t run the command line ASP.Net tool
aspnet_regsql.exe, the sql scripts to create the schema are in:C:\Windows\Microsoft.NET\Framework\[Framework version].So for .Net 4, it would be:
C:\Windows\Microsoft.NET\Framework\v4.0.30319Both install and “uninstall” sql scripts are there – e.g.
… and so on….