开发者

Using Session to store authentication?

I'm having a开发者_如何学编程 lot of problems with FormsAuthentication and as as potential work around I'm thinking about storing the login in the Session?

Login:
Session["Auth.ClientId"] = clientId;

IsAuthenticated:
Session["Auth.ClientId"] != null;

Logout;
Session["Auth.ClientId"] == null;

I'm not really using most of the bells and whistles of FormsAuthentication anyway. Is this a bad idea?


I would not store any valuable information in the session.

For authentication I would use:

if (HttpContext.Current.User.Identity.IsAuthenticated)
{
    // Then u use 
    // this.User.Identity.Name as my membership_id so i could call this everywhere
}else
{
    //Redirect to Login
    //gettting my LoginPageAddress
    Response.Redirect(ConfigurationSettings.AppSettings["LoginPage"]);
}

Login is something like this:

FormsAuthentication.SetAuthCookie(membership_ID, false)

Anyway hope this helps


i don't think it's an bad idea, i've seen plenty of sites using session together with a db to store auth data, however there are other ways to get around not using the formsauthentication tables but still be able to use things like roles.

How do I create a custom membership provider for ASP.NET MVC 2?

has good examples of that.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜