Why AuthenticationMode enum only has 4 elements.

  • Question

  • User-59617029 posted
    using System;
    namespace System.Web.Configuration
    {
        /// <summary>Specifies the authentication mode to use in a Web application.</summary>
        public enum AuthenticationMode
        {
            /// <summary>Specifies no authentication.</summary>
            None,
            /// <summary>Specifies Windows as the authentication mode. This mode applies when using the Internet Information Services (IIS) authentication methods Basic, Digest, Integrated Windows (NTLM/Kerberos), or certificates.</summary>
            Windows,
            /// <summary>Specifies Microsoft Passport as the authentication mode.</summary>
            Passport,
            /// <summary>Specifies ASP.NET Forms-based authentication as the authentication mode.</summary>
            Forms
        }
    }

    Look, no other choice.

    Forms authentication is not enough for my requirement.

    The FormsAuthentication HttpModule retrieves the principal at the beginning of every request. But most pages and most requests don't need authentication.

    The architecture of ASP.NET authentication is low performance. It cannot use delayed authentication.

    Thread.Principal and HttpContext.Principal should be set before you use some attributes like [Authorize] in an MVC action.

    So I want to implement my own authentication mechanism in ASP.NET MVC, which delays authentication until authorization is required.

    But I cannot figure out how to do it under the current ASP.NET architecture.

    A lot of people said the architecture of .NET is very scalable. At this time, I only smile.

    Monday, September 30, 2013 12:10 AM

All replies

  • User-488622176 posted

    I think you are confusing some things. You can perfectly create your custom authentication provider or membership provider (see http://www.danharman.net/2011/06/23/asp-net-mvc-3-custom-membership-provider-with-repository-injection/).

    However, splitting authentication from authorization is a bit ambiguous. If you need to determine what authorization a user has, you need to identify the user. In ASP.NET, identification is arranged by the authorization provider. After authorization, you are sure you know who the user is.

    In order to increase performance, after authentication, the user identification is stored in session state. This prevents dbase lookups for each check on the server. Authorization management can be done in many ways: from dbase query per inquiry, up to caching authorization in the user profile.

    ASP.NET is perfectly scalable, with or without smiling :-). I participated in .NET projects with 4-6K concurrent asp.net web application users.

    If you need to provide public and secured parts in your ASP.NET MVC application, you can use other techniques to identify resources that are "public" and others that require authorization.

    What is your concern? What do you want to do in practice?

    Monday, September 30, 2013 6:32 AM
  • User-59617029 posted

    I participated in .NET projects with 4-6K concurrent asp.net web application users. 


    I wonder if your hosting can support 4-6K concurrent RSA decryptions?

    Because I want to sign the principal in the cookie instead of encrypting it. Then the JavaScript on the client can read the cookie and display user name, head icon, etc.

    Monday, September 30, 2013 6:40 AM
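
The signed-but-readable cookie described in the post above, as an added example that is not part of the original thread. It assumes HMAC-SHA256 with a server-side key rather than the RSA the post mentions, and `SignedCookie` and `Demo` are hypothetical names. Verification is wrapped in `Lazy<T>` so the check runs only when a request actually needs the user.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (hypothetical names): cookie value that is signed, not encrypted.
public static class SignedCookie
{
    // Format: base64(payload) + "." + base64(HMAC-SHA256(payload)).
    // The payload is readable by the client, so it must not contain secrets.
    public static string Protect(string payload, byte[] key)
    {
        byte[] data = Encoding.UTF8.GetBytes(payload);
        using (var hmac = new HMACSHA256(key))
            return Convert.ToBase64String(data) + "." + Convert.ToBase64String(hmac.ComputeHash(data));
    }

    // True only if the tag matches; malformed or tampered values are rejected.
    public static bool TryVerify(string cookie, byte[] key, out string payload)
    {
        payload = null;
        string[] parts = (cookie ?? "").Split('.');
        if (parts.Length != 2) return false;
        byte[] data, tag, expected;
        try { data = Convert.FromBase64String(parts[0]); tag = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return false; }
        using (var hmac = new HMACSHA256(key)) expected = hmac.ComputeHash(data);
        int diff = expected.Length ^ tag.Length;   // constant-time comparison
        for (int i = 0; i < expected.Length && i < tag.Length; i++) diff |= expected[i] ^ tag[i];
        if (diff != 0) return false;
        payload = Encoding.UTF8.GetString(data);
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        byte[] key = new byte[32];               // server-side secret, never sent to the client
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        string cookie = SignedCookie.Protect("{\"name\":\"alice\"}", key); // constructed sample
        // Deferred check: the HMAC runs only when something reads user.Value.
        var user = new Lazy<string>(() => { string p; return SignedCookie.TryVerify(cookie, key, out p) ? p : null; });
        Console.WriteLine(user.Value ?? "anonymous");
        string ignored;                          // a modified payload fails verification
        Console.WriteLine(SignedCookie.TryVerify("e30=" + cookie.Substring(cookie.IndexOf('.')), key, out ignored));
    }
}
```
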
  • User-488622176 posted

    The hosting worked smoothly in our internal datacenter :-)

    Why do you want to do this? It is perfectly possible to find a few 1000 cases that kill performance in .NET. But the real question is: is the problem related to .NET or to the case? For every problem, many solutions exist. It's all a matter of applying the right solution for the right problem :-)

    I have a Java & J2EE background, and experience with alternative platforms (Ruby, Grails, Python). The primary reason for bad applications is a bad architecture, then a bad design, then bad programming. I've rarely encountered the language/platform to be the issue (although I had some issues with sales people claiming otherwise, and they were proven to be wrong). Some platforms are merely much more expensive than others (resource requirements for an interpreted system such as Python are much higher than for compiled platforms such as .NET & J2EE).

    So in brief:

    • What is the (business) problem you want to solve?
    • How do you see the solution (architecture), and why do you take the decisions you do?
    Monday, September 30, 2013 7:38 AM