Security :: Using Cookies And Session To Store Login Information?

Feb 11, 2010

It has been a while since I've built an entire ASP.NET web application from the ground up but I'm about to jump in again. I've built many individual pages, controls, web parts, etc. recently, but nothting 'soup to nuts' for a couple of years. My question is in regards to login security control. I do not want to use the built in ASP.NET Memberhip functionality for various reasons and already have custom code that authenticates the user, controls passwords, login attempts, etc. I am really concerned though about how to validate that the user is logged in (and the best way to do it). For instance, right now I use a Base page that all of my .aspx pages inherit from. In the OnInit() method, it executes code which includes:


I set the Session["LoggedIn"] object to "true" after the user has successfully been authenticated at the Login.aspx page. So, when a user attempts to access any page in the application, if that Session object isn't true, they will be redirected (you can't visit any page without being logged in). This all works great, but I'm thinking I need something more and that brings me here. First, do I need more? Is this enough? I was thinking about creating a cookie with a GUID value and the SessionID (both encrypted perhaps?) and adding that to my Base page so it checks both the current Session["LoggedIn"] value
and the values in the cookie.

View 1 Replies

Similar Messages:

Security :: ARR Login Fail But When Users Remove All Cookies And Session Data The Login Works Again

Sep 27, 2010

I have two application (one of this is mojo portal): [URL] for some users when they login into "app" then the login in "mojo" doesn't work and viceversa. I've set the machinekey into web.config file. When the users remove all cookies and session data the login works again. The two application are into a Web Farm. Should be ARR the problem?

View 2 Replies

State Management :: Use Session To Store Code - How To Use Cookies

Aug 5, 2010

I am using session to strore code

if (!string.IsNullOrEmpty(Request.QueryString["c"]))
System.Web.HttpContext.Current.Session["Code"] = Request.QueryString["c"];
System.Web.HttpContext.Current.Session["Code"] = "GR";

Instead of session,now I want to use cookies.

View 8 Replies

Web Forms :: Store Client Information At Login Time

Dec 23, 2013

I want to show all information as like facebook

I want to store client information on login time .as fallows 

1. which day you login

2. which place 3.

login from computer or other device etc...

View 1 Replies

MVC :: How To Store Persistent-user-session Information's

Aug 8, 2010

i have a list of fields that i would store for all the user session. I thought to create a class, insert the information in it and store the class in the session but i'm not sure this is the best way to do it (performances, etc). I should have a list of these informations that i can display in views, i can delete and i can update. How could i do this?

View 10 Replies

Security :: How To Create Cookies For Remember Login

Feb 28, 2011

I would like to set the Login which will log auto when he return to site, if the user hasent logged off the site.and if he enter the site again he'll be logged in already.

View 5 Replies

State Management :: Option To Store Confidential Information In A Page?Control,Session,QueryString Etc?

Jan 20, 2011

Which is best option to store confidential information in a page?Control,Session,QueryString etc ... ?And also the performance also should be good ... ?

View 11 Replies

Security :: Store Credentials And Other Information In An XML File?

Jun 12, 2010

Does anyone know a good tutorial for building a custom login control I've tried looking for one that suits my needs with no success. I want to be able to store credentials and other information in an XML file

View 1 Replies

Security :: Change Database To Store The Membership Information?

Jan 1, 2010

while creating users/groups using web site administration tool, is there a way to configure it to store to a specific database rather than store to a Microsoft SQL 2005 Server Express Edition by default in the App_Data folder?

View 2 Replies

Security :: Internet Explorer 8 Denies Session Cookies

Jul 22, 2010

i am having this weird problem only when i deploy my site [localy Everything works fine] when you try loging in from IE 8, the page simple refreshes! and no authentication takes place After lot of research, i found out that Internet Explorer 8 denies session cookies and to confirm this, i unchecked Enable protected mode (can be found in, internet options, security), and then tried logging in, it worked perfectly fine just like it did in other browsers [Firefox and google chrome]. I have found one solution which is to lower the security level, but i cant tell every visitor on my site to do that since its not practical.

View 1 Replies

How To Use Session Variable To Display User Information After Authenticated Login

Dec 18, 2010

How can I use session variable to display user information after authenticated login like Address: 37, kings Road. Position: Secretary base on User ID

View 2 Replies

Security :: Changing Aspnetdb To Store User Profile Information?

Feb 19, 2010

I need to know how to change aspnetdb to store profile information unique to each user so that I can restrict records in an sql table to only show that user's records.

So if I make a "companyID" int, identity column where would I put it?

Also, when I write the where clause to companyID = profile (companyID) would that work?

View 1 Replies

Security :: Where The Login Information Is Stored

Feb 25, 2011

where the login information is stored in our directory?

View 4 Replies

Security :: Killing The Session / Login When Attempting To Login In Different Computer?

Feb 22, 2010

Let's say I have 2 computers and has internet connections. let's say in computer 1 I visit the my page and i log-in as User1 and I go now to computer 2 and i do the same thing in computer 1. All i want to do is to kill the session in computer 1 because i log-in in computer 2.

how to do that in

View 7 Replies

Security :: Login Information In External Hyperlink?

Mar 3, 2011

I have a website that is associated with a PC Application.

The website uses forms security to restrict access to the Information on the PC Application to users with a specific role.

Is it possible to have a link to a page that has sufficient information contained in it to automatically log in and display a page in a restricted area?

I am thinking of something like the confirmation emails you get when registering with a website. They often have encrypted text as part of the link and automatically log you back in to the website when clicked.

View 5 Replies

Security :: How To Compare Login Information With Database

Jul 27, 2010

I have created a login form through VS 2008 using C#. There are 5 different aspx pages in my application.

1)Default.aspx: It contains only a hyperlink to direct the user to login.aspx page.

2)Login.aspx: This page has texbox for Username and Password, sign in button, textbox for displaying error and hyperlink (Create an Account) if the user does not created an account yet.

Here is Login.aspx code:


Now, I want to do following with my application.

If the user already has an account, he can put his username and password and click on the sign in button. If the username is existed in databse, application should compare the user input with database and if both are matched then the application should redirect the user to "welcome.aspx". If username does not exist it should show that Username does not exist.

View 9 Replies

Security :: Passing Login Information Between Applications?

Aug 2, 2010

I had three web applications and each one has its own login page , now i want to build web portal which allow members to login and choose one of these applications to redirect to it .

Is there any way to passing user information across secure connection??

View 2 Replies

Security :: How To Concerns With Allowing Post Login Information

Oct 5, 2010

I have a third party company that we need to allow they users to pass into our website without loging in. TO keep it easy I was thinking of having them post to a custom login page on my site.

So their code would be something like this:


My landing/login page would do soemthign liek this.


My question is whether there are any security issues when using this kind of method? I am not sure yet what their site is written in. I figured that they could figure out how to do the post as long as I have the landing page for them and there is no security issues.

View 4 Replies

Security :: Login Information From ASP Ticket To Desktop Application

Jan 23, 2010

i have a secure application ,login page and all these stuffs, i want to create a windows desktop application for some resones but i want to use the same security of the , is there anyway to get the login information of the to login to my windows desktop application?

View 1 Replies

Forms Data Controls :: Store Gridview Datatable In Session And Then Retrieve From Session And Store Database

Nov 11, 2010

Its related to datatable in gridview store in session and then session retrive and store to database. basically i am using gridview here creating new row for button click and these row adding untill user's last entry then submit all these entry to database. so i want to use session variable to store this data temporarily and after final entry user click on submit button and all data shold be save in db.

View 9 Replies

Security :: Storing Profile Information Into Session

Feb 10, 2010

I have created a custom user creation wizard to store custom user information, This is working fine. I am now trying to create a new page to give the newly created user to create users in there own company, so i need to retrieve the company information from the user profile created and automaticlly fill that information into the new create user wizard. ie User from A company logs in. (company_id from profile is stored in session)
User A wants to make another user in company A (but cannot make a user in company B) User A fills in details for new user, Company A information is autofill into new user info. (possibly from session)

I have read alot about storing membership. info into session but i cannot find any code examples of how to do this. I need to find a way to store Company_id into session and then use that for creating a new user with the same Company_id.

View 7 Replies

Security :: Store Last Implicit Login Without Membership Api?

Jul 25, 2010

we use forms authentication for a community website with about 200k users with a simple login like this:

Private Sub btnLogIn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogIn.Click
If CheckPassword(txtEmail.Text, txtPassword.Text)
FormsAuthentication.RedirectFromLoginPage(txtEmail.Text, chkRememberMe.Checked)
End If
End Sub

which checkPassword reads from a MS SQL users table. it has worked without major problems for 3 years but we need to store the login date of users in a table, both when they login explicitly and when they had selected "remember me" and come back (we store login once per session)

since we have a complicated profile system and database it will be practically impossible to switch to membership API. last time I was told we could user an auditing system to do that but I have no idea how to do that.

View 2 Replies

Security :: Pass The Session ,cookies From Asp Page To Page?

Mar 29, 2011

I'm doing a module in but existing was developed in i have to use the asp login page inorder to access the do i pass session and cookies to my new module?

View 1 Replies

Perform User Management (store User Info, Login , Logout Etc) Without Using Session Or Cookie?

Dec 1, 2010

Is it possible to perform user management (store user info, login , logout etc) without using session or cookie?

View 3 Replies

Security :: Booting A Session On Second Login?

Jun 23, 2010

using 2.0, hand rolled authentication and <sessionState mode="SQLServer"...>

My work request is "If a user successfully logs into the site and then from another browser/machine/whatever attempts to login with the same credentials, end the first sesssion."

First: I've already discussed the cons of this. We've all written our fair share of "bad code",

Second: I've seen it done before, so I know it is possible.

My Question:

How do I do the call Session.Abandon or Session.Clear on another session? I suspect that this is made simplier by the fact that we are using session stored in sql and that the tables are not temp tables (dbo.ASPStateTempSessions grows in size as I log in)

View 1 Replies

Copyrights 2005-15, All rights reserved