Writing Code for LoginStatus and LogoutStatus using C#

Question

My Login Page Controls code is:

<table class="auto-style9">
   <tr>
       <td class="auto-style12" colspan="2" style="font-family: 
         Georgia; font-size: medium; font-weight: bold; 
         text-transform: uppercase; color: #000000">Login
       </td>
   </tr>
   <tr>
       <td class="auto-style15">User name</td>
       <td class="auto-style15">
         <asp:TextBox ID="UserNameTextBox" runat="server"></asp:TextBox>
       </td>
   </tr>
   <tr>
       <td class="auto-style15">Password </td>
       <td class="auto-style15">
         <asp:TextBox ID="PasswordTextBox" runat="server" TextMode="Password">            
         </asp:TextBox>
       </td>
   </tr>
   <tr>
       <td class="auto-style15">&nbsp;</td>
       <td class="auto-style15">
         <asp:Button ID="ButtonLogin" runat="server" 
          CommandName="Login" Text="Login!" 
          OnClick="ButtonLogin_Click" BackColor="Black" 
          ForeColor="Yellow" />
       </td>
   </tr>
 </table>

My Button Login Click event is :

protected void ButtonLogin_Click(object sender, EventArgs e)
{
    using(BerouDataContext Data = new BerouDataContext())
    {
      var UsernameCheck = UserNameTextBox.Text;
      var PasswordCheck = PasswordTextBox.Text;
      var UserExist = Data.Memberships.Single(s => s.Username == UsernameCheck);
      if (UserExist == null || UserExist.Password != PasswordCheck)
      {
        LabelLoginValidity.Text = "Login Details are incorrect.";
      }
      else
      {
        LabelLoginValidity.Text = "Login Successfull!";
      }
   }
}

My Question is how to make cookie, how to code for loginStatus in c#, please Help with some code to implement, Thank You.

Answer 1

so basically, you want to determine, whether the user is logged- in or not.

you can make use of Session variable or a Cookie Variable

inside your ButtonLogin_Click in the else portion, when you successful login, add these lines

  else
  {
     LabelLoginValidity.Text = "Login Successfull!";
     Session["loggedIn"]=true;
     //or you can create cookie like this

      HttpCookie myCookie = new HttpCookie("myCookie");

      //Add key-values in the cookie
      myCookie.Values.Add("userid", objUser.id.ToString());

      //set cookie expiry date-time. Made it to last for next 30 minutes.
      myCookie.Expires = DateTime.Now.AddMinutes(30);

      //Most important, write the cookie to client.
      Response.Cookies.Add(myCookie);
  }

Now this Session or Cookie variable, you can check on inner pages. something like inside your Home page

 protected void Page_load(object sender, EventArgs e)
 {
       if(Session["loggedIn"]==null)
       {
          //Session doesn't exist, redirect the user to login page
          Response.Redirect("Login.aspx");
       }
 }

and you must destroy the Session or Cookie variable upon logout button click i.e.

protected void btnLogout_Click(object sender, EventArgs e)
{
   Session.Abandon();
   //or
   //Session.Remove("loggedIn");
}

So basically, Session and Cookie are State Management techniques.

Read more about them here

Answer 2

Please do not reinvent the wheel; instead use ASP.Net's FormsAuthentication.

It is more secure than writing your own login logic.

protected void ButtonLogin_Click(object sender, EventArgs e)
{
    using(BerouDataContext Data = new BerouDataContext())
    {
      var UsernameCheck = UserNameTextBox.Text;
      var PasswordCheck = PasswordTextBox.Text;
      var UserExist = Data.Memberships.Single(s => s.Username == UsernameCheck);
      if (UserExist == null || UserExist.Password != PasswordCheck)
      {
        LabelLoginValidity.Text = "Login Details are incorrect.";
      }
      else
      {
        FormsAuthentication.SetAuthCookie(UserNameTextBox.Text, false);
        LabelLoginValidity.Text = "Login Successfull!";
      }
   }
}

Here is the logout.