I’m new to C# and ASP.NET (not MVC) and trying to code a web site.
Here is the question:
Which is the best approach for Login, Authorization and Session management? I’m not asking for how to use built-in membership classes or other ready-to-use solutions. I’m merely asking for a manual approach or methodology.
After a member writes User Name and Password and clicks the submit button, which do you think is the best solution to keep the user logged in while he/she browses pages, clicks buttons or somehow interacts with the web site?
E.g., is it a good method to use Session and write the User Name, Id etc. to the session and read the session in every page request to check if there’s any member information; if so, set the page layouts according to the member’s preferences?
Or creating an object at login, setting its properties according to the logged-in user and using the same object for the entire session and destroying it on logging out?
Thx
I suggest that the best approach is to use a pre-existing solution that has proven reliable.
For authentication, use a MembershipProvider. If you don’t want to use, for instance, the SqlMembershipProvider, feel free to implement your own by deriving from System.Web.Security.MembershipProvider. Then register your custom provider in the web.config file of your application.
To get started, just search the web for “build a custom membership provider” and you will find lots of tutorials.
For authorization, use the possibilities provided by the <authorization>...</authorization> section in web.config. Make sure to learn about the possibility of placing additional web.config files in sub folders of your application.
If you need role based authorization, use a RoleProvider. Related web search: “build a custom role provider”.
If you want to allow your users to store preferences, use a ProfileProvider.
In short, resist the temptation of reinventing the wheel…
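The configuration the answer above describes, as an added example that is not part of the original answer: a root web.config that turns on forms authentication, registers custom membership and role providers, and restricts two folders. The type and assembly names (MyApp.Security.*, MyApp), Login.aspx, the Members and Admin folders and the Admin role are hypothetical.

```xml
<!-- Root web.config (added example; all type, page, folder and role names are hypothetical) -->
<configuration>
  <system.web>
    <!-- Forms authentication: after login, an authentication ticket cookie identifies the user on every request.
         protection="All" encrypts and validates the ticket; requireSSL keeps the cookie off plain HTTP. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx"
             timeout="30"
             slidingExpiration="true"
             requireSSL="true"
             protection="All"
             cookieless="UseCookies" />
    </authentication>
    <!-- Site-wide default: public pages are open to everyone ("*") -->
    <authorization>
      <allow users="*" />
    </authorization>
    <!-- Custom provider deriving from System.Web.Security.MembershipProvider -->
    <membership defaultProvider="CustomMembershipProvider">
      <providers>
        <clear />
        <add name="CustomMembershipProvider"
             type="MyApp.Security.CustomMembershipProvider, MyApp" />
      </providers>
    </membership>
    <!-- Custom provider deriving from System.Web.Security.RoleProvider -->
    <roleManager enabled="true" defaultProvider="CustomRoleProvider">
      <providers>
        <clear />
        <add name="CustomRoleProvider"
             type="MyApp.Security.CustomRoleProvider, MyApp" />
      </providers>
    </roleManager>
  </system.web>
  <!-- Members area: "?" is the anonymous user, so only logged-in users get through.
       The same <authorization> block could instead live in Members/web.config. -->
  <location path="Members">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
  <!-- Admin area: rules are evaluated top down and the first match wins,
       so the allow rule must come before the catch-all deny. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Admin" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```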