locked
Bad Practice to Not User Membership Schema? RRS feed

  • Question

  • User2106760402 posted

    I'm still new to ASP.net and am trying to build a site that operates on a Membership basis.  Part of the site will be protected and will require an account.  I tried using the Membership schema but found it difficult to work with, and then when I moved my SQL Server to Azure it broke entirely since it uses Universal Provider or something along those lines.  I've been stuck on this for months and am very frustrated.

    I have a functional Login/Registration page that I created and uses TripleDES to encrypt the password for now.  I was trying to block access to the member's only page by checking their session to see if they had a login name identified with their session, then if not redirect them to the login/registration page.  Is this good practice or am I setting myself up for getting hacked?  Is setting up TripleDES on my own asking for trouble?  The code for the TripleDES was largely sourced from this example:  https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.tripledes?redirectedfrom=MSDN&view=netframework-4.7.2

    Thanks in advance!

    Monday, September 17, 2018 2:19 AM

All replies

  • User-821857111 posted

    I have a legacy Web Forms application which needed some kind of authentication added to it. Like you, I didn't want to use Membership or Identity, so I reused the code from the Web Pages Crypto helper class to hash passwords and then verify them. It uses SHA256, which is what Identity uses. 

    Monday, September 17, 2018 7:03 AM