Software architect and Microsoft MVP, you’ll usually find me writing about security concepts and process improvement in software delivery.
Often times I’ll have a discussion with a software vendor or developer about implementing a particular piece of functionality or performing a certain task which I perceive as easy but they’ll come back with some sort of outlandish estimate.
“Securely implement an authentication mechanism? 3 weeks please!”
“Identity network performance issues in a web app? Hmmm, maybe 2 or 3 days.”
And so on and so forth. Part of my day job is to try and get the most bang for buck from my employer’s hard earned dollars so I’ll usually revert with something like “Hang on – I’m not asking you to fly to the moon, this should be a 5 minute job.” Perhaps it’s just the ingratiating nature of some people, but I’ll often hear something along the lines of “Ah, but you’re very smart!” Uh, no, that’s not the reason.
I simply know some shortcuts, that’s all. They’re not necessarily high tech and often they’re reasonably well known but they’re the sort of thing where if you don’t know about it, you end up blowing days or weeks or simply putting it in the “too hard” basket and missing out on some of the goodness which is out there at your disposal.
The idea of “5 minute wonders” is to show how simple development life can be using some of these tricks (hat tip to Jim Hare for inspiring the title with his Little Wonders series). They’ll all be videos, they’ll never run for more than 5 minutes and they’ll always be practical. They’ll be old hat to many people but for others, it will be a new world they didn’t know already existed right in front of them.
The ASP.NET membership provider
An easy choice for the first wonder, the joy of the ASP.NET membership provider is that it takes something that is time consuming to build and frequently fraught with security holes big enough to drive a truck through and makes it really, really easy. In fact this is closer to four minutes including starting with no project, no database and narrating the whole thing as I went along. Enjoy:
References
The command issued in the Visual Studio command window was aspnet_regsql.
For more information on the membership provider, see How To: Use Membership in ASP.NET 2.0.
4 comments:
I like the fact that in .net 4 this took the leap to SHA256 by default. i wasn't aware of this - it makes our previous discussion surrounding SHA1 collisions being only academic null-and-void
Yeah, I was thinking about our discussion when I wrote this, the penny just hadn't dropped earlier and I still had my mind in pre-.NET 4 mode. Still, I'm sure there are those who will bemoan the lack of bcrypt (fair enough) and I'm not sure that we'll see it make a (native) appearance any time soon.
Hi Klint, the membership provider uses the ASP.NET provider model which is very easily extensible. Yours is a pretty common requirement (certainly it's one I've had many times before), take a look at How to: Implement a Custom Membership User.
Good luck!
You get all of that by following the video above Sebastian, just choose an ASP.NET MVC 3 app instead.
Post a Comment