How to use session to make a login page

Question

I'm trying to write a website which based on ASP.Net . When I made a login page with username and Password , and also connected to a SQL-server .

But when I type in the right username and password. It will need to click login twice to login. Once I login, when I go back to the login page. No matter what I'm trying to type in the username and password textbox. The system will always log me in. I heard that the session can help, but I don't have any idea how to use it.

Is there anyone could help me? Or show me some usable code samples please?

Thank you

Jimmy

Answer 1

I second @GojiraDeMonstah's suggestion and would also recommend that you try to use Microsoft's out of the box (OOTB) functionality for handling website security (ie authentication, authorization, user management, password reset etc.) as much as possible. There's no reason to go reinventing the wheel when it's all there for you. You can even extend the existing functionality to create your own custom authentication provider but you really want to avoid trying to write one from scratch especially if you're new to this stuff.

Microsoft provides an infinite number of tools and tutorials to allow you to setup all this stuff so easily. Don't try creating your own database unless you really, really have to. Just use the one they provide you and work from that as a starting point.

Here is another great resource that provides a more visual tutorial to show you how easy it is.

Good luck!

Answer 2

The process of supplying a username and password (credentials) and then using the supplied name & password to verify a user is called Authentication. If you google asp.net authentication you will get a zillion results. Here's a good start --> http://support.microsoft.com/kb/301240

Answer 3

Write code like this

FirstPage.aspx(On your first page Login button click)

protected void Login_Click(object sender, EventArgs e)
{
    Session["UserName"] = txtUserName.Text;//Store username in session
}

SecondPage.aspx(after login on next page)

protected void Page_Load(object sender, EventArgs e)
{
    LabelUserName.Text = Session["UserName"].ToString();//Show username on a label
}

Hope it helps ....

Answer 4

The easiest way I have found is to download the sample pages provided in this example here.

Use the Global.asac file so you don't have to add login code to each and every page in your application.

In the file "Global.asax", define your session in the function "Session_Start()"

protected void Session_Start(Object sender, EventArgs e)
{
     //The first Session "Logged" which is an indicator to the
     //status of the user
     Session["Logged"]="No";
     //The second Session "User" stores the name of the current user
     Session["User"]="";

     //The third Session "URL" stores the URL of the
     //requested WebForm before Logging In
     Session["URL"]="Default.aspx";
}

In each of the pages you want only authenticated access to check if the user is Logged or not like this:

private void Page_Load(object sender, System.EventArgs e)
{
    if(Session["Logged"].Equals("No"))
    {
         ....
    }
    else
    {
         ....
    }
}

In your Login.aspx page check the user name and password from your database with a function like:

if(CheckUser(UserNametxt.Text.Trim()) && CheckPassword(Passwordtxt.Text.Trim())
{
    ....
}

else
{
    ....
}

In your codebehind define the functions CheckUser() and CheckPassword() by connecting to your database and passing the variable from the login page.

Download sample files here.