The default providers in ASP.NET 2.0 are extremely fast and scalable (and in use on systems with 2M+ active users).
If you want to override the providers and role your own (using whatever storage schema you want), then you can also build and plug-in your own providers. This blog post points to a few simple providers that are useful to get started: http://weblogs.asp.net/scottgu/archive/2006/10/13/Tip_2F00_Trick_3A00_-Source_2F00_Documentation-for-Simple-ASP.NET-2.0-SQL-Providers-Published.aspx Thanks, Scott -----Original Message----- From: Discussion of advanced .NET topics. [mailto:[EMAIL PROTECTED] On Behalf Of Paul Cowan Sent: Friday, February 09, 2007 1:43 AM To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM Subject: Re: [ADVANCED-DOTNET] AOP and security I am not for one minute suggesting you can serve web.config files. you are aware connection strings have been hacked from the web.config? I just do not like the overhead of the members/roles stuff that comes with .NET 2.0. I had a look at membership and found it very slow. [EMAIL PROTECTED] > Date: Thu, 8 Feb 2007 11:17:58 -0500> From: [EMAIL PROTECTED]> Subject: Re: > [ADVANCED-DOTNET] AOP and security> To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM> > > What exactly are you worried about? If anyone other than the site > developers can write to web.config, you've got a problem. Only they and the > asp.net process should be able to read from it.> > If internet (or intranet!) > users can access _any_ files on your file system -- vs. having them executed > or "served" (e.g. for images or CSS files), you've got more troubles than I > care to imagine.> > At 05:10 AM 2/8/2007, Paul Cowan wrote> >Hi,> >Acutally > the more I think of it, is this really secure to store these values in the > web.config. Obviously I cannot hit the web.config. We are creating an > internet application and not an intranet application.> >I think the > httpmodule is the way forward.> >Cheers> >> >[EMAIL PROTECTED]> > > J. > Merrill / Analytical Software Corp> > ===================================> > This list is hosted by DevelopMentor(r) http://www.develop.com> > View > archives and manage your subscription(s) at http://discuss.develop.com =================================== This list is hosted by DevelopMentor(r) http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com =================================== This list is hosted by DevelopMentorĀ® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com
