How to double-check user credentials against SQL database in ASP.NET Forms Authentication
Question
I'm setting up Forms Authentication for the first time. I am validating the username and password(hashed) against a local SQL database. All of this is working fine in my logon.aspx file in a ValidateUser() function.
I am also allowing the logon criteria to be persistent so the user does not have to re-enter their credentials when they return to the page.
The problem is, when the previously logged in user returns to my site and the cookie/ticket is used my ValidateUser() function is not called, SO... if I have deactivated the user or changed the user's password the user still gets logged in.
I've considered doing this in Application_AuthorizeRequest or Application_PostAuthorizeRequest in Global.asax, but I would also like to set some session variables at the time I re-verify the credentials against the database and the session is not yet created when these are called for the first time when a user logs in.
Any advise would be greatly appreciated.
1 answers
solution1
0 2016-07-13 06:50:46
For first time when user authorized at that time create session for that user eg Session["Username"] check session whenever he enters in any page if session is not present redirect him to login page, after that when he log out abandon that session. So whenever he want to access next time he wants to login again.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.