Freigeben über

Authentication options for multiple scenarios

  • Artikel

There are many types of scenarios that we have around ASP.NET and Authentication.  You can see a number of the solutions we have at ASP.NET Authentication and a good talk about them at ASP.NET Wiki: Security: Authentication and Authorization.  We also have Using Forms Authentication with ASP.NET AJAX.

But there are some other requirements that may come into play that aren’t really discussed with these solutions.

What if you require a higher level of authentication

For example, the two-factor authentication as described by RSA.  In this case, it requires two of the following three things:

  • Something known, like a password
  • Something possessed, like your ATM card
  • Something unique about your appearance or person, like a fingerprint.

So with ASP.NET, you can use our membership provider to work in conjunction with RSA and accomplish this.  There are other providers that can also solve this type of authentication requirement.

What if you want to have an offline authentication story

One way to solve this if you are using ASP.NET Forms Authentication is to copy the SQL tables and stored procedures down to the client computers so that when someone logs in offline, they can still be authenticated.  This is good if you know who the clients are and so you can allow a “trusted” client to have this data on their machine.  Another way to solve this is to use RSA authentication when logging into the computer and then just use Windows Authentication to know what user you are working with.

Another solution, if you are using a Smart Client type of application is to use the steps outlined here.  This allows you to use ASP.NET AJAX application services to authenticate and in offline mode, all service requests automatically go to the local cache without requiring changes to your code.

Feel free to post other solutions to these if you have them.  Or if you have other scenarios that it would be useful to discuss.  For instance, we could certainly talk about Windows CardSpace here.

kick it on DotNetKicks.com

Comments

  • Anonymous
    April 07, 2008
    You've been kicked (a good thing) - Trackback from DotNetKicks.com

  • Anonymous
    April 07, 2008
    This gives me more latitude with asp.net authentication. Thanks Josh Coswell http://riverasp.net

  • Anonymous
    January 21, 2009
    Here is link to RSAs two-factor solution for IIS http://www.rsa.com/node.aspx?id=2806