O'Reilly logo

Applied ASP.NET 4 in Context by Adam Freeman

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Using Membership, Roles, and Profiles

To demonstrate authentication and authorization, I stored the user credentials in the Web.config file. This is acceptable for small and simple applications where the list of users is unlikely to change over time, but there are two significant limitations to this approach. The first problem is that anyone who can read the Web.config file might be able to figure out the passwords, even when they are stored using cryptographic hashes rather than plain text (if you don’t believe this, create some hash codes for typical passwords and then search Google for each hash code; it won’t take much effort to figure out at least one of the passwords).

The second problem is administration. Putting the credentials in the ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required