Easy way to create secure ASP.NET login using Session

• Download SessionLogin.zip - 21.5 KB

Introduction

As an ASP.NET developer, I needed to create a secure login WebForm, but I also needed it to be easy to implement, not so complicated, and also accomplish the mission

Sessions

Sessions are a real important thing, that used in many things we can't even imagine. You can use sessions in passing variables between WebForms instead of query-strings when passing secure values, it can also be used to create secure, and easy login.

Defining our Sessions

In the file "Global.asax", We'll define our sessions in the function "Session_Start()"

protected void Session_Start(Object sender, EventArgs e)
{
     //The first Session "Logged" which is an indicator to the
     //status of the user
     Session["Logged"]="No";
     //The second Session "User" stores the name of the current user
     Session["User"]="";

     //The third Session "URL" stores the URL of the
     //requested WebForm before Logging In
     Session["URL"]="Default.aspx";
}

In the "Page_Load" of the Secured files, or the files which needed the user first to LogIn before seeing them, we add just check if the user is Logged or not.

private void Page_Load(object sender, System.EventArgs e)
{
    if(Session["Logged"].Equals("No"))
    {
         ....
    }
    else
    {
         ....
    }
}

In the "Login.aspx" file, I've made checking the UserName and password with a regular if condition, with no database usage. But this code can be modified easily to check the Username and Password from a table in a database

if(UserNametxt.Text.Trim()=="Abdallah" && Passwordtxt.Text.Trim()=="Fayez")
{
    ....
}

else
{
    ....
}

The Code is available to download, with a sample "Login.aspx", and "Default.aspx" WebForms which make it easier for you to modify the code in best shape for you.