Easy way to create secure ASP.NET login using Session
2.06/5 (12 votes)
Nov 28, 2007
109389
4131
It an easy and secure way for begginer ASP.NET developer to create secure login WebForms using Sessions
Introduction
As an ASP.NET developer, I needed to create a secure login WebForm, but I also needed it to be easy to implement, not so complicated, and also accomplish the mission
Sessions
Sessions are a real important thing, that used in many things we can't even imagine. You can use sessions in passing variables between WebForms instead of query-strings when passing secure values, it can also be used to create secure, and easy login.
Defining our Sessions
In the file "Global.asax", We'll define our sessions in the function "Session_Start()"
protected void Session_Start(Object sender, EventArgs e) { //The first Session "Logged" which is an indicator to the //status of the user Session["Logged"]="No"; //The second Session "User" stores the name of the current user Session["User"]=""; //The third Session "URL" stores the URL of the //requested WebForm before Logging In Session["URL"]="Default.aspx"; }
In the "Page_Load" of the Secured files, or the files which needed the user first to LogIn before seeing them, we add just check if the user is Logged or not.
private void Page_Load(object sender, System.EventArgs e) { if(Session["Logged"].Equals("No")) { .... } else { .... } }
In the "Login.aspx" file, I've made checking the UserName and password with a regular if condition, with no database usage. But this code can be modified easily to check the Username and Password from a table in a database
if(UserNametxt.Text.Trim()=="Abdallah" && Passwordtxt.Text.Trim()=="Fayez") { .... } else { .... }
The Code is available to download, with a sample "Login.aspx", and "Default.aspx" WebForms which make it easier for you to modify the code in best shape for you.