0

I am writing a website that very explicitly requires a login wall.

Visitors should be required to log in before they are allowed to view a page.

The page being built depends very much on the user's "ID". I am not sure how or where to store the user's login.

I am not sure whether I should use a session variable (e.g. Session["userId"]), or some other method. The problem I see with session variables is that it's difficult to time out sessions.

Note: I'm using C# 3.5 with ASP.NET in Visual Studio 2008.

Redandwhite
  • 2,529
  • 4
  • 25
  • 43
  • You can time out sessions easily have a look at: http://stackoverflow.com/questions/648992/session-timeout-in-asp-net & I would say Session is the best way to store the user ID and then authenticate against using that. – Ryan McDonough Nov 01 '12 at 11:09

3 Answers3

1

One of the idea is to use form authentication.

FormsAuthentication.SetAuthCookie(txtUserName.Text, true);
Response.Redirect("pagename.aspx");

The true part is that user password is saved to the browser cookie.

शेखर
  • 17,412
  • 13
  • 61
  • 117
0

Implementing form authentication is your answere:

How to Implement Form Authentication

Rohit Vyas
  • 1,949
  • 3
  • 19
  • 28
0

I guess you should you Inbuilt membership and roles feature of Microsoft.

This is very secure and gives you maximum Security with Login, Create User, Change Password, Forgot password.

Also have the feature of Password Security Like Salt,

Here is the Link

http://www.codeproject.com/Articles/281573/ASP-NET-Membership-and-Role-Provider

Moiz
  • 2,409
  • 5
  • 27
  • 50