Using Session to store authentication?
I'm having a开发者_如何学编程 lot of problems with FormsAuthentication and as as potential work around I'm thinking about storing the login
in the Session
?
Login:
Session["Auth.ClientId"] = clientId;
IsAuthenticated:
Session["Auth.ClientId"] != null;
Logout;
Session["Auth.ClientId"] == null;
I'm not really using most of the bells and whistles of FormsAuthentication
anyway. Is this a bad idea?
I would not store any valuable information in the session.
For authentication I would use:
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
// Then u use
// this.User.Identity.Name as my membership_id so i could call this everywhere
}else
{
//Redirect to Login
//gettting my LoginPageAddress
Response.Redirect(ConfigurationSettings.AppSettings["LoginPage"]);
}
Login is something like this:
FormsAuthentication.SetAuthCookie(membership_ID, false)
Anyway hope this helps
i don't think it's an bad idea, i've seen plenty of sites using session together with a db to store auth data, however there are other ways to get around not using the formsauthentication tables but still be able to use things like roles.
How do I create a custom membership provider for ASP.NET MVC 2?
has good examples of that.
精彩评论