I have an asp.net project and I am trying to develop the user profile part, so that users can log in with their own profile (profile containing admin and users).
Is it okay to set a cookie on users computer, when the user is logged in and then let the user browse in site? I mean after after I check user name and password, by checking this cookie on every page I let the user browse the page or redirect to the login page.
Is this way okay?
Is this safe to use?
Is there any better approach for this?
You can use SqlProfileProvider. Adding profile properties can be done by adding some code to your web.confing (inside system.web section, database for sqlprofile structure must be present):
<profile defaultProvider="SqlProvider">
<providers>
<clear/>
<add name="SqlProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ASPNETDB" applicationName="MyApplication" description="SqlProfileProvider"/>
</providers>
<properties>
<add name="LanguageId" allowAnonymous="false" type="System.Int32"/>
<add name="Company" allowAnonymous="false" type="System.String"/>
</properties>
</profile>
In this example I have added two profile properties languageId nad Company. You can access this properties using following code:
ProfileBase profile = ProfileBase.Create("SomeUserName");
string company = (string)profile["Company"];
For additional info about SqlProfileProvider visit following link:
http://msdn.microsoft.com/en-us/library/system.web.profile.sqlprofileprovider.aspx