Home/ Questions/Q 9056015
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-16T14:05:31+00:00

I am creating ASP.NET MVC web application. I have data model User: using System;

  • 0

I am creating ASP.NET MVC web application. I have data model User:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

namespace Knihovna.Models
{
    public class User
    {
        public int UserId { get; set; }
        public string Name { get; set; }
        public string Login { get; set; }
        public string Password { get; set; }
        public List<Book> Books { get; set; }
    }
}

and I need to create user registration and user login. Application needs to know If user is logged in.

Is there some best practises how to do it? Save logged in user in session?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I would use the ASP.NET membership and role provider model. If you would like to do it with your custom tables you can create a class that inherits from Membership Provider. There are a number of methods you can implement to support things like changing passwords, forgot password etc… but the one for logging in would be ValidateUser

    public sealed class MyMembershipProvider : MembershipProvider
{
    public override bool ValidateUser(string username, string password)
    {
        bool isValid = false;
        // your authentication logic here
        var ticket = new FormsAuthenticationTicket(
                    1,
                    YOUR_USER_ID_HERE,
                    DateTime.Now,
                    DateTime.Now.AddMinutes(30),
                    false,
                    name,
                    FormsAuthentication.FormsCookiePath);

                var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
                HttpContext.Current.Response.Cookies.Add(authCookie);

        return isValid;
    }
}

    You will also need to create a role provider if you would like there to be different levels of users. To do so you will inherit from the RoleProvider class.

    public sealed class MyRoleProvider : RoleProvider
{
   // Implement logic here
}

    To authorize certain areas of your application you would use the Authorize attribute.

    public class MyController : Controller
{
     [Authorize(Roles="Role1,Role2")]
     public ActionResult Index()
     {
         // Implement your code
     }
}

    Finally there is some configuration in the web.config you have to do to get it to use your providers. 

    <authentication mode="Forms">
  <forms loginUrl="~/Login" timeout="2880"/>
</authentication>
<membership defaultProvider="MyMembershipProvider" userIsOnlineTimeWindow="20">
  <providers>
    <clear/>
    <add name="MyMembershipProvider" type="Your.NameSpace.MyMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" writeExceptionsToEventLog="false"/>
  </providers>
</membership>
<roleManager enabled="true" defaultProvider="MyRoleProvider" cacheRolesInCookie="true">
  <providers>
    <clear/>
    <add name="MyRoleProvider" type="Your.NameSpace.MyRoleProvider"/>
  </providers>
</roleManager>

    You can find more information about the memberhsip and role providers on MSDN

    • 0