new to asp.net , currently using Session for login/logout
on login page i create a new session
Session["login"]= anyvalue
on secure pages
if(session["login"]!=null)
{
dostuff();
}
else
Response.Redirect("login.aspx");
Is this an OK approach to authentication in asp.net? Should I be doing anything differently?
EDIT: Why downvotes ??? okay guys got it
This approach should work fine, I too was recommended by a senior developer to write my own logic to authorize access over using the built in security mechanism (that includes login control)
You might want to add roles in the session as well
And to apply more security, you can store the session in SQL Server
So the basic "Asp.Net" way of doing this is to use the built-in MembershipProvider.
http://msdn.microsoft.com/en-us/library/sx3h274z(v=vs.100).aspx
There is a "baked in" MembershipProvider called the : SqlMembershipProvider
OR
If you already have a data-store with user names and passwords, you would implement a "custom membership provider".
Share a little more information, and you can get a little more help.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.