Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Once the user is authenticated, I fetch the User information from the Database and saves it in Session.
Now, In order to validate the user to authorize for a particular page, Enumeration is present for Roles/Pages. Finally I compares it with the Session data for indivisual page. As, directories can be nested, So, I personally feel that it is a flexible approach.
So, Is it a Good practice or I can use FormAuthentication Ticket Class as the approach use Web.Config.
Form Authentication provides you less effort to write basic security of your web pages.
offcourse you can write your own code as you mentioned , but you have to make sure that all the pages must have authentication checks either by writing code on all the pages or by deriving your authentication checks from a single base page or helper classes.
I myself never want to write custom code for authentication as FormAuthentication itself provides you protecting all the directory/pages inside your website.
There are many other features e.g.
explore google for this and you’ll find more advantages…