Password Protecting Resources | ASP.NET MVC
I am working on an ASP.NET MVC app, and I have some pages that I want to password protect. I am not after any kind of username / password form. When a user tries to visit one of these protected pages, I want to prompt them for the password. I came up with a way to do this, and I would like some opinions on whether it is a good approach.
When a user arrives at a protected page, I check a dictionary stored in the session. If the page's ID is there and marked as unlocked, then that page can be viewed. If not, they are directed to the unlock page, where they have to enter a password. After they enter a valid password, the dictionary is updated and they are able to see the page.
Is this a legitimate approach, or does someone have a better idea?
Thanks
This is essentially standard username / password forms authentication. It just seems that the user name is shared between all users / hardcoded. Some thoughts:
- Do you want different passwords for different closed areas? If so, it looks like different roles for a user.
- What is your reasoning for not using a standard user name / password solution (and potentially roles to determine what has been unlocked)?
- Assuming this is a public-facing site where only a password is required, you have given a hacker a very easy target, because now they do not need a username / password combo.
- Do you need something like audit trails? A single password shared by many people for one area makes that potentially more complex to implement.
- Maintenance - this is not a standard solution, so any other person who maintains it has to find out what you did and why.
I am sure there are some other important points here, but nothing else is coming to mind at this time.
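
One way the session-based unlock check described in the question could look, with the page password verified against a PBKDF2 hash rather than compared as plaintext. This is an added example, not code from either poster; `PageUnlock`, `RequirePageUnlockAttribute`, the `UnlockedPages` session key, the `Unlock` controller and the `id` route value are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

// Hypothetical helper: tracks which page IDs this session has unlocked.
public static class PageUnlock
{
    private const string SessionKey = "UnlockedPages"; // assumed key name

    public static bool IsUnlocked(HttpSessionStateBase session, string pageId)
    {
        var unlocked = session[SessionKey] as HashSet<string>;
        return unlocked != null && unlocked.Contains(pageId);
    }

    // salt and expectedHash come from wherever the page's PBKDF2 hash is stored.
    public static bool TryUnlock(HttpSessionStateBase session, string pageId,
        string password, byte[] salt, byte[] expectedHash, int iterations)
    {
        byte[] actual;
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations))
            actual = kdf.GetBytes(expectedHash.Length);

        // Constant-time comparison: no early exit on the first mismatch.
        int diff = 0;
        for (int i = 0; i < actual.Length; i++) diff |= actual[i] ^ expectedHash[i];
        if (diff != 0) return false;

        var unlocked = session[SessionKey] as HashSet<string> ?? new HashSet<string>();
        unlocked.Add(pageId);
        session[SessionKey] = unlocked;
        return true;
    }
}

// Apply to actions whose "id" route value names a protected page.
public class RequirePageUnlockAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var pageId = Convert.ToString(filterContext.RouteData.Values["id"]);
        if (PageUnlock.IsUnlocked(filterContext.HttpContext.Session, pageId)) return;
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary
            { { "controller", "Unlock" }, { "action", "Index" }, { "id", pageId } });
    }
}
```

Because there is no username, failed attempts still need rate limiting that is tracked outside the session, since a client can simply discard its session cookie.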