I am fairly new to authentication logic; would anyone be able to tell me if I am missing something here, as it seems a little too good to be true? I validate users using something like this:
if (validateUser(form.Email, form.Password))
{
    // credentials checked out: issue the forms-auth cookie for this user
    signIn(form.Email);
}
The validateUser function returns a boolean value. signIn then does something like this:
public void signIn(string email)
{
    // the value passed here becomes User.Identity.Name on later requests;
    // second argument false = session cookie, not a persistent one
    FormsAuthentication.SetAuthCookie(email, false);
}
This subsequently allows me to do things like this on all future requests:
string userEmail = User.Identity.Name;
Profile p = Profile.getProfileFor(userEmail);
This seems a little too simple to be safe! Is there anything I’m missing here / any blindingly obvious security risks? Or is this basically how it’s done?
Regards,
Mike
There is so much more you can do with security:
Use an integer identity column instead of email:
This will make the app leaner and faster.
If you use a number instead of email, a hacker would have a harder time associating the information (user) to hack. You can learn so much about a user just by having his email.
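The following is an added example (not code from either poster) showing the asker's flow with the change this answer proposes: validate the credentials, put the user's integer id rather than the email into the forms-authentication ticket, and resolve the user by id on later requests. It assumes an ASP.NET MVC controller; UserStore, UserRecord and the sample user are hypothetical stand-ins for the asker's own data layer.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Security.Cryptography;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical user record: password stored as salt + PBKDF2 hash, never in clear.
public sealed class UserRecord
{
    public int Id;
    public string Email;
    public byte[] Salt;
    public byte[] Hash;   // Rfc2898DeriveBytes (PBKDF2) output
}

// Hypothetical stand-in for the asker's Users table.
public class UserStore
{
    private const int Iterations = 100000, HashBytes = 32;
    private readonly Dictionary<string, UserRecord> _byEmail =
        new Dictionary<string, UserRecord>(StringComparer.OrdinalIgnoreCase);
    private readonly Dictionary<int, UserRecord> _byId = new Dictionary<int, UserRecord>();

    public UserStore()
    {
        // Constructed sample user; a real store would load from the database.
        Add(42, "mike@example.test", "correct horse battery staple");
    }

    private void Add(int id, string email, string password)
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        var rec = new UserRecord { Id = id, Email = email, Salt = salt, Hash = Derive(password, salt) };
        _byEmail[email] = rec;
        _byId[id] = rec;
    }

    private static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
            return kdf.GetBytes(HashBytes);
    }

    // Compares every byte so the time taken does not depend on where a mismatch is.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Replaces the boolean validateUser(): on success it also yields the id for the ticket.
    public bool TryValidateUser(string email, string password, out int userId)
    {
        userId = 0;
        UserRecord rec;
        if (email == null || password == null || !_byEmail.TryGetValue(email, out rec)) return false;
        if (!FixedTimeEquals(Derive(password, rec.Salt), rec.Hash)) return false;
        userId = rec.Id;
        return true;
    }

    public UserRecord FindById(int id)
    {
        UserRecord rec;
        return _byId.TryGetValue(id, out rec) ? rec : null;
    }
}

public class AccountController : Controller
{
    private readonly UserStore _users = new UserStore();

    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Login(string email, string password)
    {
        int userId;
        if (!_users.TryValidateUser(email, password, out userId))
        {
            // One message for unknown email and wrong password alike.
            ModelState.AddModelError("", "Invalid email or password.");
            return View();
        }
        // The ticket is encrypted and MAC-protected with the machineKey, so the
        // id inside it cannot be altered by the browser. false = session cookie.
        FormsAuthentication.SetAuthCookie(userId.ToString(CultureInfo.InvariantCulture), false);
        return RedirectToAction("Me");
    }

    // User.Identity.Name is now the integer id written into the ticket above.
    [Authorize]
    public ActionResult Me()
    {
        int userId;
        if (!int.TryParse(User.Identity.Name, NumberStyles.None, CultureInfo.InvariantCulture, out userId))
        {
            // Ticket from before the email-to-id switch, or malformed: discard it.
            FormsAuthentication.SignOut();
            return RedirectToAction("Login");
        }
        UserRecord me = _users.FindById(userId);
        return me == null ? (ActionResult)new HttpNotFoundResult() : View(me);
    }
}
```

Two web.config settings go with this: `<forms requireSSL="true" ...>` so the ticket cookie is only sent over HTTPS, and `<httpCookies httpOnlyCookies="true" />` so page script cannot read it. The lookups by email and by id both go through the store, so the profile code never has to trust anything other than the id the ticket carries.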