How to properly implement user system for sessions


I've never actually implemented a registration/login system before, so I'm trying my hand at making my own in C#/ASP.NET (not using ASP.NET's built-in membership provider). What I'm a little unclear on is how to utilize Session/cookies to keep a user logged in during and between sessions.

protected void Login_User(object sender, EventArgs e)
{
    string username = usernameField.Text;
    string password = passwordField.Text;
    User user = UserRepository.FindUser(username);
    if (user != null)
    {
        if (user.Password.Equals(Hash(password)))
        {
            // How do I properly login the user and keep track of his session?
        }
        else
            Response.Write("Wrong password!");
    }
    else 
        Response.Write("User does not exist!");
}

BEST ANSWER

It's quite complicated for a proper login system.

  1. Create a class that inherits System.Security.Principal.IPrincipal.
  2. Create another class that inherits System.Security.Principal.IIdentity.
  3. Assign the IPrincipal derivative to System.Web.HttpContext.Current.User.
  4. If you don't want to use cookies, then put your IPrincipal in Session.
  5. If HttpContext.Current.User is lost, then re-assign it by getting it from the session (in the very first event, e.g. Page_Init). For my code, I use FormsAuthenticationTicket as a cookie and reassign it in Global.asax on the PostAuthenticateRequest event.

The good thing about using HttpContext.Current.User is that you can mark a method with an attribute.

[Authorize] // authorized user only
public void btn_click(...){...}

I'm not sure about normal ASP.NET, but it works very well in ASP.NET MVC.

If you want to use cookies, try System.Web.Security.FormsAuthenticationTicket and FormsAuthentication.

Sample:

public class WebUser:System.Security.Principal.IPrincipal
{
  ...
  public System.Security.Principal.IIdentity Identity{get; private set;}
  public WebUser(...)
  {
    this.Identity = new WebIdentity(...);
    HttpContext.Current.User = this;
  }
}
public class WebIdentity : System.Security.Principal.IIdentity
{
  ...
}

public void Login(...)
{
  var newUser = new WebUser(...);
}
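As an added example (not code from the answer's author), this carries steps 1 to 5 through with the FormsAuthenticationTicket cookie: a custom IIdentity/IPrincipal pair, a helper that issues the ticket once the password check in the question has passed, and the PostAuthenticateRequest hook that rebuilds the principal from the cookie on each request. The class and method names, the 30-minute lifetime and the comma-separated role list stored in UserData are assumptions; the Secure flag assumes the site is served over HTTPS.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;
// Custom identity/principal pair (steps 1 and 2 of the accepted answer).
public class WebIdentity : IIdentity
{
    public WebIdentity(string name) { Name = name; }
    public string Name { get; private set; }
    public string AuthenticationType { get { return "Forms"; } }
    public bool IsAuthenticated { get { return !string.IsNullOrEmpty(Name); } }
}
public class WebUser : IPrincipal
{
    private readonly string[] roles;
    public WebUser(string name, string[] roles)
    {
        Identity = new WebIdentity(name);
        this.roles = roles ?? new string[0];
    }
    public IIdentity Identity { get; private set; }
    public bool IsInRole(string role) { return Array.IndexOf(roles, role) >= 0; }
}
public static class AuthHelper
{
    // Call this in the branch left empty in the question, once the password hash has matched.
    public static void IssueTicket(HttpResponse response, string userName, string roleList, bool persistent)
    {
        var ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30), persistent, roleList);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true, // not readable by client-side script
            Secure = true    // only sent over HTTPS (assumes the site is served over TLS)
        };
        if (persistent) cookie.Expires = ticket.Expiration; // otherwise it is a session cookie
        response.Cookies.Add(cookie);
    }
    // Global.asax: Application_PostAuthenticateRequest(object s, EventArgs e) { AuthHelper.RestorePrincipal(HttpContext.Current); }
    public static void RestorePrincipal(HttpContext context)
    {
        HttpCookie cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null) return;
        FormsAuthenticationTicket ticket = null;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); } catch (Exception) { }
        if (ticket == null || ticket.Expired) return; // tampered or expired: leave the request anonymous
        string[] roles = ticket.UserData.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        context.User = new WebUser(ticket.Name, roles);
    }
}
```

Because the ticket is encrypted and signed with the machine key, a client cannot forge or edit the name or role list; a cookie that fails to decrypt is simply ignored.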
ANSWER

You can use RedirectFromLogin to redirect to the page the user requested but was unable to visit due to authentication, or, if you want to maintain control of where the user gets redirected to, you can use SetAuthCookie.

ANSWER

Use this:

using System;
using System.Web.Security;

public class FormsAuthenticationService 
{
    // Issues the forms-authentication cookie for a user name that has already been verified.
    public void SignIn(string userName, bool createPersistentCookie)
    {
        if (String.IsNullOrEmpty(userName)) throw new ArgumentException("Value cannot be null or empty.", "userName");

        // createPersistentCookie = true keeps the cookie across browser sessions.
        FormsAuthentication.SetAuthCookie(userName, createPersistentCookie);
    }

    // Removes the forms-authentication cookie from the browser.
    public void SignOut()
    {
        FormsAuthentication.SignOut();
    }
}