Best practice for login screen using database


  1. #1


    I have a C# ASP.NET app that checks if the user exists in a USERS table.
    That part is OK, but now I need to pass the user ID to the next page
    because I need to do some database queries with that user ID. I'm passing
    the values as:
    Context.Items.Add("UserID",TempUserID);
    Context.Items.Add("VerifyString","OkPEV");
    Server.Transfer("timesheet.aspx", true);

    Now my problem is that in the timesheet.aspx page the UserID comes through
    fine the first time, but if I refresh or add a record to my timesheet
    database I lose the UserID.

    So is there any way to keep that variable in memory while the session is
    open?

    Thanks









    Carlos Guest

  3. #2


    Hi,
    I see there is some problem with the logic you have chosen to adopt. If
    you pass the user ID through context variables, there is every
    possibility that a potential hacker could do the same; he just needs to
    know the context keys you have chosen to use.

    Instead, I would suggest you use a different approach, where every page
    that needs the user to be signed in should look to a common function,
    which will return the user ID. For this to happen, you can design all
    your code-behind classes to inherit from a single base class, extending
    System.Web.UI.Page. And in the Page_Load events of all the pages, call
    the base class method, say
    base.CheckIfUserIsSignedIn();

    And in this base class method, write code in such a way that it will
    check if the user is signed in, based on some cookie value (I guess
    cookies are allowed), or you can use session variables. The first time,
    when the user is shown a log-in form, s/he will be prompted to enter the
    credentials. Once validated, you can store the user-id token in a cookie
    or have it in session. The same can be used wherever required. Checking
    for sign-in on each page is to ensure no one can bypass the sign-in form
    and directly land on some transaction form.

    The CheckIfUserIsSignedIn() method should redirect the user to a sign-in
    form or access-denied form if it finds out that the user is not signed
    in.

    Hope this solves your problem too.
    Let me know if this has helped you in any way.
    Ramjee
    >-----Original Message-----
    >I have a C# ASP.NET app that checks if the user exists in a USERS table.
    >That part is OK, but now I need to pass the user ID to the next page
    >because I need to do some database queries with that user ID. I'm passing
    >the values as:
    >Context.Items.Add("UserID",TempUserID);
    >Context.Items.Add("VerifyString","OkPEV");
    >Server.Transfer("timesheet.aspx", true);
    >
    >Now my problem is that in the timesheet.aspx page the UserID comes through
    >fine the first time, but if I refresh or add a record to my timesheet
    >database I lose the UserID.
    >
    >So is there any way to keep that variable in memory while the session is
    >open?
    >
    >Thanks
    Ramjee Tanguturi Guest
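
As an added example (not code from either poster): the base-page check described in the reply above, with the user ID held in server-side session state and then used in a parameterized query. BasePage, SignIn, login.aspx, the TimesheetDb connection string, the TimesheetGrid control and the Timesheet table columns are assumed names.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI;
using System.Web.UI.WebControls;

// Hypothetical base class: every page that requires sign-in inherits from it.
public class BasePage : Page
{
    private const string UserIdKey = "UserID"; // session key (assumed name)

    // The login page calls this only after the credentials matched the USERS
    // table. The ID stays on the server; the browser holds just the session cookie.
    protected void SignIn(int userId) { Session[UserIdKey] = userId; }

    // Returns the signed-in user's ID, or redirects to the login form.
    protected int CheckIfUserIsSignedIn()
    {
        object value = Session[UserIdKey];
        if (value is int) return (int)value;
        Response.Redirect("~/login.aspx", true); // true: stop running this page
        return 0; // not reached, Redirect ends the response
    }
}

// Code-behind for timesheet.aspx (table and column names are assumptions).
public class Timesheet : BasePage
{
    protected GridView TimesheetGrid; // declared in the .aspx markup

    protected void Page_Load(object sender, EventArgs e)
    {
        int userId = CheckIfUserIsSignedIn(); // survives refresh and postback
        string cs = ConfigurationManager.ConnectionStrings["TimesheetDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT EntryDate, Hours FROM Timesheet WHERE UserID = @uid", conn))
        {
            // Typed parameter: the ID is never concatenated into the SQL text.
            cmd.Parameters.Add("@uid", SqlDbType.Int).Value = userId;
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                TimesheetGrid.DataSource = reader;
                TimesheetGrid.DataBind();
            }
        }
    }
}
```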
