Hello all, I have a web app with a few web forms, and I have removed forms authentication in the web.config file.

May I know whether it is safe to use a session variable to store logged user data?

Ex: session("loggeduser") = "John"
session("loggeduserID") = "123"

What I have tried:

Upon user login with the login page, I store the userID and user name as session("loggeduserID") = "123", then on each I'm checking if session("loggeduserID") has a value. It will redirect to the login page if there is no value.

Also, with the session having a userID, it will check the SQL database to see if there is an entry in the database for the specific user for the specific form name.

Currently everything works smoothly and OK. Is it safe to use user authentication for each form with the value stored in session("x")?
Comments
ZurdoDev 24-Feb-20 7:26am    
If you do it that way, you have to make sure you check each and every request for your own authentication token (in this case your session value.)
SulfySul 28-Feb-20 0:53am    
Yes, I am doing so. Is it possible for users from the client side to modify my session value?
ZurdoDev 28-Feb-20 6:50am    
Not really. Session is managed on the server.
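
Added example, not part of the original thread: one way to make the "check each and every request" rule hard to forget is a shared base page that every protected form inherits, so the session check and the per-form database lookup run before any form code. The login URL `~/Login.aspx`, the connection string name `AppDb`, and the `UserFormAccess` table with its `UserID` and `FormName` columns are hypothetical names chosen for illustration.

```vb
Imports System
Imports System.Configuration
Imports System.Data
Imports System.Data.SqlClient
Imports System.IO
Imports System.Web.UI

' Every protected form inherits this class instead of System.Web.UI.Page.
Public Class AuthenticatedPage
    Inherits Page

    Protected Overrides Sub OnInit(e As EventArgs)
        ' The value is held on the server; the browser only carries the session ID cookie.
        ' Assumes the login page stored the ID as a String, as in the question.
        Dim userId = TryCast(Session("loggeduserID"), String)
        If String.IsNullOrEmpty(userId) Then
            ' endResponse:=True aborts the request, so no form code runs afterwards.
            Response.Redirect("~/Login.aspx", True)
        End If

        ' Authorisation: is this user registered for this form in the database?
        Dim formName = Path.GetFileName(Request.AppRelativeCurrentExecutionFilePath)
        If Not IsAllowed(userId, formName) Then
            Response.StatusCode = 403
            Response.End()
        End If

        MyBase.OnInit(e)
    End Sub

    ' Parameterised lookup; table, column and connection string names are hypothetical.
    Private Shared Function IsAllowed(userId As String, formName As String) As Boolean
        Dim cs = ConfigurationManager.ConnectionStrings("AppDb").ConnectionString
        Const sql As String =
            "SELECT COUNT(*) FROM UserFormAccess WHERE UserID = @uid AND FormName = @form"
        Using conn As New SqlConnection(cs), cmd As New SqlCommand(sql, conn)
            cmd.Parameters.Add("@uid", SqlDbType.NVarChar, 50).Value = userId
            cmd.Parameters.Add("@form", SqlDbType.NVarChar, 100).Value = formName
            conn.Open()
            Return CInt(cmd.ExecuteScalar()) > 0
        End Using
    End Function
End Class
```

A form opts in by declaring `Inherits AuthenticatedPage` in its code-behind; the login page itself keeps inheriting `Page`.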

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


