0

I'm about to start working on an ASP.NET (C#) website project which requires users to authenticate and I've run into a bit of a design issue. I am required to use a SQL Server database to store the web app's data (to include users' login data), but all of the information I've found regarding ASP.NET and authentication uses Windows Authentication.

Now of course I could just write the code to query the database and check the user's input against the database to see if the username/password exists (the current plan), but then how do I set the state of the session to authenticated along with other data (such as a user ID) so that the site can give the user only their data?

3
  • It's not true; there are many articles on how you store your authentication on MS SQL Commented Jan 11, 2015 at 21:38
  • There are as many ways to answer this as there are programmers. Sadly, voting to close as "too broad". Commented Jan 11, 2015 at 21:39
  • Read this msdn.microsoft.com/en-us/library/ff647396.aspx Commented Jan 11, 2015 at 21:43

1 Answer

3

First, read more on Forms Authentication. You couldn't have really missed that (could you?) but it's the other major authentication mechanism that doesn't involve Windows accounts; instead, the session is maintained with the help of a cookie that stores the user name together with any other so-called user data (could be user ID or whatever else).

Second, the Membership/Role Provider mechanism has been available for like 10 years - and it gives you an abstraction you implement on your own. The abstraction is about storing users/passwords/roles. The Membership/Role Provider is nowadays slowly being replaced with the Identity 2.0 framework and you are free to choose the older one or try the newer.

These two together, Forms Authentication and Membership/Role Provider, make a foundation of what you need.

The basic flow is as follows:

  1. users request various resources ("pages")
  2. some resources are guarded from anonymous access and require authentication/authorization
  3. the Forms Authentication module redirects requests to such resources to a login page (login view)
  4. in the login page you use the Membership/Role Provider to verify the user and issue a Forms cookie
  5. you redirect back

The Forms authentication module now picks the cookie upon every request and recreates the identity so that the user is authenticated when your server code is about to run.
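The login step and the per-request lookup described in the answer above, sketched as an added example (not code from the question or the answer). It checks the password directly against SQL Server instead of going through a Membership provider; the `AppDb` connection string name, the `dbo.Users` table and its columns, and the `SqlLogin` class are assumptions made for illustration.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

public static class SqlLogin // hypothetical helper, called from the login page
{
    // Assumed schema: dbo.Users(UserId int, UserName nvarchar, PasswordHash varbinary, Salt varbinary, Iterations int)
    public static bool TrySignIn(HttpResponseBase response, string userName, string password)
    {
        int userId, iterations; byte[] hash, salt;
        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand( // parameterized: user input never becomes SQL text
            "SELECT UserId, PasswordHash, Salt, Iterations FROM dbo.Users WHERE UserName = @name", conn))
        {
            cmd.Parameters.AddWithValue("@name", userName);
            conn.Open();
            using (var r = cmd.ExecuteReader())
            {
                if (!r.Read()) return false; // same result as a wrong password
                userId = r.GetInt32(0); hash = (byte[])r[1];
                salt = (byte[])r[2]; iterations = r.GetInt32(3);
            }
        }
        byte[] candidate; // PBKDF2 (HMAC-SHA1 with this constructor) over the stored salt
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations))
            candidate = kdf.GetBytes(hash.Length);
        int diff = 0; // compare every byte so timing does not depend on the first mismatch
        for (int i = 0; i < hash.Length; i++) diff |= hash[i] ^ candidate[i];
        if (diff != 0) return false;

        // The user ID travels in the ticket's UserData; Encrypt protects it with the machine key.
        var ticket = new FormsAuthenticationTicket(1, userName, DateTime.Now,
            DateTime.Now.Add(FormsAuthentication.Timeout), false, userId.ToString(),
            FormsAuthentication.FormsCookiePath);
        response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket))
        { HttpOnly = true, Secure = FormsAuthentication.RequireSSL, Path = FormsAuthentication.FormsCookiePath });
        return true;
    }

    // On later requests the Forms module has already rebuilt the identity from the cookie.
    public static int? CurrentUserId(HttpContextBase context)
    {
        var identity = context.User == null ? null : context.User.Identity as FormsIdentity;
        int id;
        return identity != null && int.TryParse(identity.Ticket.UserData, out id) ? id : (int?)null;
    }
}
```

Queries for a user's data should filter on the value returned by `CurrentUserId`, never on an ID supplied in the request, and `requireSSL="true"` on the `<forms>` element in web.config is what makes the cookie `Secure` here.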
