Home/ Questions/Q 3848268
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-19T16:40:37+00:00

I’ve never actually implemented a registration/login system before, so I’m trying my hand at

  • 0

I’ve never actually implemented a registration/login system before, so I’m trying my hand at making my own in C#/ASP.NET (not using ASP.NET’s built-in membership provider). What I’m a little unclear on is how to utilize Session/cookies to keep a user logged in during and between sessions.

protected void Login_User(object sender, EventArgs e)
{
    string username = usernameField.Text;
    string password = passwordField.Text;
    User user = UserRepository.FindUser(username);
    if (user != null)
    {
        if (user.Password.Equals(Hash(password)))
        {
            // How do I properly login the user and keep track of his session?
        }
        else
            Response.Write("Wrong password!");
    }
    else 
        Response.Write("User does not exist!");
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    its quite complicate for proper login system.

    1. create class that inherit System.Security.Principal.IPrincipal
    2. another class that inherrit System.Security.Principal.IIdentity
    3. Assign IPrincipal derivative to System.Web.HttpConext.Current.User
    4. if u dont want to use cookies then put your IPrincipal to Session.
    5. if HttpContext.Current.User is lost then re-assign by get from session(in very first event eg. page_init). for my code, i use FormsAuthenticationTicket as cookie and reassign at Global.asax on event PostAuthenticateRequest

    the good thing of using HttpContext.Current.User is u can mark method attribute.

    [Authorize] // authorized user only
public void btn_click(...){...}

    i’m not sure for normal asp.net but it work very well in asp MVC

    if u want to use cookies, try System.Web.Securitiy.FormsAuthenticationTicket and FormsAuthentication

    sample

    public class WebUser:System.Security.Principal.IPrincipal
{
  ...
  public System.Security.Principal.IIdentity Identity{get; private set;}
  public WebUser(...)
  {
    this.Identity = new WebIdentity(...);
    HttpContext.Current.User = this;
  }
}
public class WebIdentity : System.Security.Principal.IIdentity
{
  ...
}

public void Login(...)
{
  var newUser = new WebUser(...);
}
    • 0