I've never actually implemented a registration/login system before, so I'm trying my hand at making my own in C#/ASP.NET (not using ASP.NET's built-in membership provider). What I'm a little unclear on is how to utilize Session/cookies to keep a user logged in during and between sessions.

    protected void Login_User(object sender, EventArgs e)
    {
        string username = usernameField.Text;
        string password = passwordField.Text;
        User user = UserRepository.FindUser(username);
        if (user != null)
        {
            if (user.Password.Equals(Hash(password)))
            {
                // How do I properly login the user and keep track of his session?
            }
            else
                Response.Write("Wrong password!");
        }
        else
            Response.Write("User does not exist!");
    }

It's quite complicated to build a proper login system.

The good thing about using HttpContext.Current.User is that you can mark methods with an attribute.

    [Authorize] // authorized user only
    public void btn_click(...){...}

I'm not sure about normal ASP.NET, but it works very well in ASP.NET MVC.

If you want to use cookies, try System.Web.Security.FormsAuthenticationTicket and FormsAuthentication.

Sample:

    public class WebUser : System.Security.Principal.IPrincipal
    {
        ...
        public System.Security.Principal.IIdentity Identity { get; private set; }
        public WebUser(...)
        {
            this.Identity = new WebIdentity(...);
            HttpContext.Current.User = this;
        }
    }

    public class WebIdentity : System.Security.Principal.IIdentity
    {
        ...
    }

    public void Login(...)
    {
        var newUser = new WebUser(...);
    }