I’m using standard forms authentication with my custom membership and roles providers. Everything is fine, except user deletion: if I delete a user from the database, he remains happily logged in as long as he has the cookie. So, as I can see, standard authentication doesn’t require anything except the cookie; it doesn’t even care whether the user exists or not.
So my questions are:
- How can I make standard authentication at least check whether the user exists or not before letting him in?
- How secure is standard authentication?
You could implement a custom Authorize attribute and in the AuthorizeCore method, once you have called the base method, verify if the user exists in the database before letting him in by returning true. Notice though that this check in the database will happen on each request.

Forms authentication has existed since the early days of ASP.NET and it is a proven and secure technology if used properly.
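A sketch of the custom attribute described in the answer, added here as an example (not code from the original post). It assumes ASP.NET MVC's AuthorizeAttribute and a membership provider reachable through Membership.GetUser; the class name ExistingUserAuthorizeAttribute is hypothetical.

```csharp
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Authorize attribute that rejects a request when the authenticated user
// no longer exists, even if the forms-authentication cookie is still valid.
// (Hypothetical class name; not part of the framework.)
public class ExistingUserAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Let the base class do the usual cookie and role checks first.
        if (!base.AuthorizeCore(httpContext))
        {
            return false;
        }

        string userName = httpContext.User.Identity.Name;

        // Ask the configured membership provider whether the user still exists.
        // This hits the provider on every request, as the answer notes.
        MembershipUser user = Membership.GetUser(userName, userIsOnline: false);
        if (user == null)
        {
            // Clear the stale cookie so the browser stops presenting it.
            FormsAuthentication.SignOut();
            return false;
        }

        return true;
    }
}

// Usage: decorate a controller or action instead of [Authorize].
// [ExistingUserAuthorize]
// public class AccountController : Controller { ... }
```

If the per-request database lookup is a concern, the same check can be done once in the ASP.NET authentication pipeline (for example in Application_AuthenticateRequest) rather than per attribute, but the trade-off is the same.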