Security :: Using Cookies And Session To Store Login Information?
Feb 11, 2010
It has been a while since I've built an entire ASP.NET web application from the ground up but I'm about to jump in again. I've built many individual pages, controls, web parts, etc. recently, but nothting 'soup to nuts' for a couple of years. My question is in regards to login security control. I do not want to use the built in ASP.NET Memberhip functionality for various reasons and already have custom code that authenticates the user, controls passwords, login attempts, etc. I am really concerned though about how to validate that the user is logged in (and the best way to do it). For instance, right now I use a Base page that all of my .aspx pages inherit from. In the OnInit() method, it executes code which includes:
[Code]....
I set the Session["LoggedIn"] object to "true" after the user has successfully been authenticated at the Login.aspx page. So, when a user attempts to access any page in the application, if that Session object isn't true, they will be redirected (you can't visit any page without being logged in). This all works great, but I'm thinking I need something more and that brings me here. First, do I need more? Is this enough? I was thinking about creating a cookie with a GUID value and the SessionID (both encrypted perhaps?) and adding that to my Base page so it checks both the current Session["LoggedIn"] value
and the values in the cookie.
View 1 Replies
Similar Messages:
Sep 27, 2010
I have two application (one of this is mojo portal): [URL] for some users when they login into "app" then the login in "mojo" doesn't work and viceversa. I've set the machinekey into web.config file. When the users remove all cookies and session data the login works again. The two application are into a Web Farm. Should be ARR the problem?
View 2 Replies
Aug 5, 2010
I am using session to strore code
if (!string.IsNullOrEmpty(Request.QueryString["c"]))
System.Web.HttpContext.Current.Session["Code"] = Request.QueryString["c"];
else
System.Web.HttpContext.Current.Session["Code"] = "GR";
Instead of session,now I want to use cookies.
View 8 Replies
Dec 23, 2013
I want to show all information as like facebook
I want to store client information on login time .as fallowsÂ
1. which day you login
2. which place 3.
login from computer or other device etc...
View 1 Replies
Aug 8, 2010
i have a list of fields that i would store for all the user session. I thought to create a class, insert the information in it and store the class in the session but i'm not sure this is the best way to do it (performances, etc). I should have a list of these informations that i can display in views, i can delete and i can update. How could i do this?
View 10 Replies
Feb 28, 2011
I would like to set the Login which will log auto when he return to site, if the user hasent logged off the site.and if he enter the site again he'll be logged in already.
View 5 Replies
Jan 20, 2011
Which is best option to store confidential information in a page?Control,Session,QueryString etc ... ?And also the performance also should be good ... ?
View 11 Replies
Jun 12, 2010
Does anyone know a good tutorial for building a custom login control I've tried looking for one that suits my needs with no success. I want to be able to store credentials and other information in an XML file
View 1 Replies
Jan 1, 2010
while creating users/groups using web site administration tool, is there a way to configure it to store to a specific database rather than store to a Microsoft SQL 2005 Server Express Edition by default in the App_Data folder?
View 2 Replies
Jul 22, 2010
i am having this weird problem only when i deploy my site [localy Everything works fine] when you try loging in from IE 8, the page simple refreshes! and no authentication takes place After lot of research, i found out that Internet Explorer 8 denies session cookies and to confirm this, i unchecked Enable protected mode (can be found in, internet options, security), and then tried logging in, it worked perfectly fine just like it did in other browsers [Firefox and google chrome]. I have found one solution which is to lower the security level, but i cant tell every visitor on my site to do that since its not practical.
View 1 Replies
Dec 18, 2010
How can I use session variable to display user information after authenticated login like Address: 37, kings Road. Position: Secretary base on User ID
View 2 Replies
Feb 19, 2010
I need to know how to change aspnetdb to store profile information unique to each user so that I can restrict records in an sql table to only show that user's records.
So if I make a "companyID" int, identity column where would I put it?
Also, when I write the where clause to companyID = profile (companyID) would that work?
View 1 Replies
Feb 25, 2011
where the login information is stored in our directory?
View 4 Replies
Feb 22, 2010
Let's say I have 2 computers and has internet connections. let's say in computer 1 I visit the my page and i log-in as User1 and I go now to computer 2 and i do the same thing in computer 1. All i want to do is to kill the session in computer 1 because i log-in in computer 2.
how to do that in asp.net?
View 7 Replies
Mar 3, 2011
I have a website that is associated with a PC Application.
The website uses forms security to restrict access to the Information on the PC Application to users with a specific role.
Is it possible to have a link to a page that has sufficient information contained in it to automatically log in and display a page in a restricted area?
I am thinking of something like the confirmation emails you get when registering with a website. They often have encrypted text as part of the link and automatically log you back in to the website when clicked.
View 5 Replies
Jul 27, 2010
I have created a login form through VS 2008 using C#. There are 5 different aspx pages in my application.
1)Default.aspx: It contains only a hyperlink to direct the user to login.aspx page.
2)Login.aspx: This page has texbox for Username and Password, sign in button, textbox for displaying error and hyperlink (Create an Account) if the user does not created an account yet.
Here is Login.aspx code:
[Code]....
Now, I want to do following with my application.
If the user already has an account, he can put his username and password and click on the sign in button. If the username is existed in databse, application should compare the user input with database and if both are matched then the application should redirect the user to "welcome.aspx". If username does not exist it should show that Username does not exist.
View 9 Replies
Aug 2, 2010
I had three web applications and each one has its own login page , now i want to build web portal which allow members to login and choose one of these applications to redirect to it .
Is there any way to passing user information across secure connection??
View 2 Replies
Oct 5, 2010
I have a third party company that we need to allow they users to pass into our website without loging in. TO keep it easy I was thinking of having them post to a custom login page on my site.
So their code would be something like this:
[Code]....
My landing/login page would do soemthign liek this.
[Code]....
My question is whether there are any security issues when using this kind of method? I am not sure yet what their site is written in. I figured that they could figure out how to do the post as long as I have the landing page for them and there is no security issues.
View 4 Replies
Jan 23, 2010
i have a secure ASP.net application ,login page and all these stuffs, i want to create a windows desktop application for some resones but i want to use the same security of the asp.net , is there anyway to get the login information of the asp.net to login to my windows desktop application?
View 1 Replies
Nov 11, 2010
Its related to datatable in gridview store in session and then session retrive and store to database. basically i am using gridview here creating new row for button click and these row adding untill user's last entry then submit all these entry to database. so i want to use session variable to store this data temporarily and after final entry user click on submit button and all data shold be save in db.
View 9 Replies
Feb 10, 2010
I have created a custom user creation wizard to store custom user information, This is working fine. I am now trying to create a new page to give the newly created user to create users in there own company, so i need to retrieve the company information from the user profile created and automaticlly fill that information into the new create user wizard. ie User from A company logs in. (company_id from profile is stored in session)
User A wants to make another user in company A (but cannot make a user in company B) User A fills in details for new user, Company A information is autofill into new user info. (possibly from session)
I have read alot about storing membership. info into session but i cannot find any code examples of how to do this. I need to find a way to store Company_id into session and then use that for creating a new user with the same Company_id.
View 7 Replies
Jul 25, 2010
we use forms authentication for a community website with about 200k users with a simple login like this:
Private Sub btnLogIn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogIn.Click
If CheckPassword(txtEmail.Text, txtPassword.Text)
FormsAuthentication.RedirectFromLoginPage(txtEmail.Text, chkRememberMe.Checked)
End If
End Sub
which checkPassword reads from a MS SQL users table. it has worked without major problems for 3 years but we need to store the login date of users in a table, both when they login explicitly and when they had selected "remember me" and come back (we store login once per session)
since we have a complicated profile system and database it will be practically impossible to switch to membership API. last time I was told we could user an auditing system to do that but I have no idea how to do that.
View 2 Replies
Mar 29, 2011
I'm doing a module in asp.net but existing was developed in asp.net i have to use the asp login page inorder to access the asp.net module.how do i pass session and cookies to my new module?
View 1 Replies
Dec 1, 2010
Is it possible to perform user management (store user info, login , logout etc) without using session or cookie?
View 3 Replies
Jun 23, 2010
using asp.net 2.0, hand rolled authentication and <sessionState mode="SQLServer"...>
My work request is "If a user successfully logs into the site and then from another browser/machine/whatever attempts to login with the same credentials, end the first sesssion."
First: I've already discussed the cons of this. We've all written our fair share of "bad code",
Second: I've seen it done before, so I know it is possible.
My Question:
How do I do the call Session.Abandon or Session.Clear on another session? I suspect that this is made simplier by the fact that we are using session stored in sql and that the tables are not temp tables (dbo.ASPStateTempSessions grows in size as I log in)
View 1 Replies
