I am kinda new to asp.net. I used asp backing flash for most of the site work i have done, but I have shied away from flash and I am having some issues understanding asp.net membership.

I am currently using the web.config file to set the credentials for forms authentication. I would like to store the member credentials in an xml file, but I can only seem to find examples on the net about how to store the credentials in an sql database. I could create my own authentication system using session variables and xml. But it is mentioned all over the net that this is frowned upon.

So how do i save member information in a separate xml file? and if I do. is there a difference in how I authenticate a user?

I would like to also point out that I am using a webserver that supports only asp.net 2.0

> I would like to store the member credentials in an xml file

Yes you can do that. There are number of ways/methods to store/retrieve and compare the credentials.

Tutorials:

1. Forms Authentication Using An XML Users File
2. Examining ASP.NET's Membership, Roles, and Profile - Part 1 to Part 18
3. http://www.developer.com/security/article.php/11580_3364361_2/Two-Quick-Ways-to-Perform-ASPNET-Authentication.htm


EDIT:

Please read MSDN article - Securing Your ASP.NET Application and Web Services.

Alright, Thanks.
The part i didn't get was calling authenticate. Turns out that's not what creates the cookie. The trick was calling FormsAuthentication.RedirectFromLoginPage. That's what authorizes the user. That's where I were confused.

I have seen it done that custom memebership providers were created, and I had it in my head that this was the only way to do it. But apparently calling FormsAuthentication.RedirectFromLoginPage Does all the magic.

thanks, That 4guysfromrolla's a good read.

Member Avatar for simongh2

Beware when you write to the XML file. Your app is a multi-user system & 2 or more users changing the file at the same time could overwrite each others changes.

That's a good point, but its my personal site and the only authenticated user will be me. I just wanted a non web.config way of storing my username and password.

If I were really serious about it, since my hosting doesn't support mysql, I would use an access database, But I have recently gotten into using XML file to store all my data for my site and I'm very happy with it so far.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.