会话-登录以查看用户数据

Question

Before I start I would like to state that I am very VERY new to ASP.NET and C#, and programming in general really. I have created a web application with a login page looking to a custom database containing the user's data as well as their login details. I did this rather than using the ASP.NET Membership as there are complications using this over my college's network.

As the table contains many records of user data, what I would like to do is have a user log into the app and (based on their login details) allow them to view JUST their details from the table I have created as their are many records of user data.

Am I correct that I should create a session based on their username and password and with this, somehow match it to their record in the table using SQL which will display ONLY their data rather than the whole table be displayed?

If this is the case, I really don't have a clue how to implement this.

I am aware that this will be very insecure but the users are all fictional and this app will not be published to the web. I just want it to work in the simplest form for my assignment and I'll cover the security aspects in my report and state how it could be improved.

Any advice would be greatly appreciated, Cheers.

Answer 1

Whenever you find a user's credentials valid enough for login, add some/all of his credentials to the current session like,

Session.Add("sessionvariablename",textBoxLogin.Text);

On the other page, that comes after logging in, check the following,

if(Session["sessionvariablename"].ToString()=="xyz")
{
Do whatever you want
}

You may not want to add sensitive information to the session for security concerns. Use Guid.NewGuid() to create a unique 32 character hexadecimal code for each user and store it in session.

Answer 2

If I'm getting it right, using username and password as session parameters will work but it's not the best idea. Normally you table with users contains a kind of unique identifier for each record (guid or autoincrement id). You may use this identifier as a session parameter.

Answer 3

You should have row in your table with with a unique identifier. Like ID or userNr or something similar, make it an integer and set to primary key and then set its identity specification (is identity) to yes by double clicking on it (I am presuming that you are using visual studio).

When the user has submitted there login info and they checked out, you save there unique identifier in a session.

when you need to pull out information specific to the user in question, you use sql WHERE ID (or userNr) is equal to the session id.

hope this is what you needed, its my first answer in here so I would like to be helpful.