Click here to Skip to main content
8,863,942 members and growing!
  
Email Password   Lost password?
Search within:



add
Add to your CodeProject bookmarks
Print Article
Site map
 » Web Development » ASP.NET » General
Licence 
First Posted 28 Nov 2007
Views 25,910
Downloads 974
Bookmarked 18 times

Easy way to create secure ASP.NET login using Session

By | 28 Nov 2007 | Article
, +
It an easy and secure way for begginer ASP.NET developer to create secure login WebForms using Sessions
ArticleBrowse CodeStatsRevisionsAlternatives
  Discuss
Discuss this article
 10  

Introduction

As an ASP.NET developer, I needed to create a secure login WebForm, but I also needed it to be easy to implement, not so complicated, and also accomplish the mission

Sessions

Sessions are a real important thing, that used in many things we can't even imagine. You can use sessions in passing variables between WebForms instead of query-strings when passing secure values, it can also be used to create secure, and easy login.

Defining our Sessions

In the file "Global.asax", We'll define our sessions in the function "Session_Start()"

protected void Session_Start(Object sender, EventArgs e)
{
     //The first Session "Logged" which is an indicator to the
     //status of the user
     Session["Logged"]="No";
     //The second Session "User" stores the name of the current user
     Session["User"]="";

     //The third Session "URL" stores the URL of the
     //requested WebForm before Logging In
     Session["URL"]="Default.aspx";
}

In the "Page_Load" of the Secured files, or the files which needed the user first to LogIn before seeing them, we add just check if the user is Logged or not.

private void Page_Load(object sender, System.EventArgs e)
{
    if(Session["Logged"].Equals("No"))
    {
         ....
    }
    else
    {
         ....
    }
}

In the "Login.aspx" file, I've made checking the UserName and password with a regular if condition, with no database usage. But this code can be modified easily to check the Username and Password from a table in a database

if(UserNametxt.Text.Trim()=="Abdallah" && Passwordtxt.Text.Trim()=="Fayez")
{
    ....
}

else
{
    ....
}

The Code is available to download, with a sample "Login.aspx", and "Default.aspx" WebForms which make it easier for you to modify the code in best shape for you.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

Abdallah Fayez

Web Developer
Egyptian Banks Co.
United States United States

Member

Article Top
 
Sign Up to vote   Poor Excellent
Add a reason or comment to your vote: x
Votes of 3 or less require a comment

Comments and Discussions

 
You must Sign In to use this message board. (secure sign-in)
 
Search this forum  
 FAQ
    Noise  Layout  Per page   
  RefreshFirst Prev Next
GeneralMy vote of 5 Pinmembererhardeep3:26 17 Feb '12  
Generalجزاك الله PinmemberMember 822963220:16 21 Jan '12  
GeneralCode to use a database to validate user PinmemberRosita12:02 5 Dec '07  
AnswerRe: Code to use a database to validate user PinmemberAbdallah Fayez11:12 30 Dec '07  
QuestionWhy can't we use <authorization> section of configuration file? PinmemberMember 39047284:51 5 Dec '07  
AnswerRe: Why can't we use <authorization> section of configuration file? [modified] PinmemberAbdallah Fayez10:32 30 Dec '07  
GeneralworksNice start PinmemberIslam Khalil Saber3:14 29 Nov '07  
GeneralRe: worksNice start PinmemberAbdallah Fayez3:20 29 Nov '07  
Generalallah 3alek Pinmemberel3omda6:31 28 Nov '07  
GeneralRe: allah 3alek PinmemberAbdallah Fayez3:22 29 Nov '07  
Last Visit: 22:45 25 May '12     Last Update: 18:44 25 May '12 1

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink | Advertise | Privacy | Mobile
Web02 | 2.5.120517.1 | Last Updated 28 Nov 2007
Article Copyright 2007 by Abdallah Fayez
Everything else Copyright © CodeProject, 1999-2012
Terms of Use
Layout: fixed | fluid

The Code Project Insider. Free each morning.
Exploring Session in ASP.NET
Permanent User Login Session In ASP.NET
An easy way to use certificates for WCF security
Manage ASP.NET Session Variables using the Facade Design Pattern
Create Typed Session State in ASP.NET
Using the Local Security Authority to Enumerate User Sessions in .NET
Quick and easy user-level security checks
Using a Custom Base Class for Security and Session Management
Securing ASP.NET Applications
SOHA - Service Oriented HTML Application (Session and Security)
ASP to ASP.NET Session Bridge Using a Web Service
How to implement Two basics uses for the Asp.net Login control 2.0 (login and RememberMe)
Easy SMTP Mail Using ASP.NET 2.0
Using Attributes for encapsulating ASP.NET Session and ViewState variables
ASP.NET Session Login Without Cookies
Session Fixation Vulnerability in ASP.NET
Quick and easy user-level security checks - Part 3
Implement secure ASP.NET MVC applications
Alert Session Time out in ASP.NET
Pass-Through Security Authentication (Single Sign-on) using ASP.NET