ASP.Net - Maintaining session state and site security after authentication via API
I'm working on the front-end of a web application and the login page so far basically contains a textbox for username, a textbox for password and a submit button.
To authenticate I pass userName and password to the API and is credentials are valid it returns an AccountID as a response, Or an error code if something went wrong.
But checking that the user is valid is as far as the applications API goes, it's up to me to maintain session state and login status for the inside pages.
What would be the best way to set this up after the API verifies 开发者_运维问答a user? I have no idea where to start...
What you normally should do is implementing your custom MemberShipProvider. This allows you to provide your own implementation of ValidateUser (ASP.net Login Control uses this to verify if the credentials).
Look at the ASP.NET Membership Provider. MSDN Link for info.
You basically need to use this and put your API calls in the corresponding methods.
精彩评论