
Robust Forms Authentication: Is this the best way?

I have implemented forms authentication into my site, this works great. But, is it the correct and most secure way? Here is my code below when the user logs into the system.

 FormsAuthentication.SetAuthCookie(User.ID.ToString(), true);

I have been using the Name stored in the Auth Cookie to populate the profile page and other sections that require the user id, such as logging:

 HttpContext.Current.User.Identity.Name

Is this the correct way to implement Forms auth? Or am I way off? If I am, which I believe is the case, please provide constructive comments or a link that shows the correct way to implement forms authentication.

Thanks

Yep, that's correct.

You can improve the process by using ASP.NET Membership, which ties in with forms authentication to manage user profiles and roles. It does a lot of the leg work for you.

You can use FormsAuthenticationTicket to build a customized ticket.

 FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
     username,
     DateTime.Now,
     DateTime.Now.AddMinutes(30),
     isPersistent,
     userData,
     FormsAuthentication.FormsCookiePath);

 // Encrypt the ticket.
 string encTicket = FormsAuthentication.Encrypt(ticket);

For your information: http://msdn.microsoft.com/en-us/library/system.web.security.formsauthenticationticket.aspx
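
The ticket approach above carried through to the cookie and back, as an added example that is not part of the original answers. `AuthTicketHelper`, `SignIn` and `GetUserId` are hypothetical names, and the user ID is assumed to be an `int`, matching the question's `User.ID.ToString()`.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example: hypothetical helper, not code from the question or answers.
public static class AuthTicketHelper
{
    // Issue a session-only auth cookie whose ticket name is the user ID.
    public static void SignIn(HttpResponseBase response, int userId, string userData)
    {
        var ticket = new FormsAuthenticationTicket(
            1,                              // ticket version
            userId.ToString(),              // surfaces as User.Identity.Name
            DateTime.Now,
            DateTime.Now.AddMinutes(30),    // same lifetime as the snippet above
            false,                          // not persistent: ends with the browser session
            userData ?? string.Empty,       // avoid passing null user data
            FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // not readable from page script
            Secure = FormsAuthentication.RequireSSL,  // follows requireSSL in web.config
            Path = FormsAuthentication.FormsCookiePath
        };
        response.Cookies.Add(cookie);
    }

    // Return the user ID from the ticket, or null when the cookie is
    // missing, cannot be decrypted, has expired, or does not hold an int.
    public static int? GetUserId(HttpRequestBase request)
    {
        HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;

        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (ArgumentException) { return null; }  // malformed or tampered value
        catch (HttpException) { return null; }      // validation failure on older runtimes

        if (ticket == null || ticket.Expired) return null;

        int id;
        return int.TryParse(ticket.Name, out id) ? id : (int?)null;
    }
}
```

Parsing the name back to an `int` in one place means profile and logging code never consumes `HttpContext.Current.User.Identity.Name` as an unchecked string.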

No, you are not way off. This is the right way to do it and you are using HttpContext.Current.User.Identity.Name correctly.
