I am developing an ASP.NET application in 3.5 where authentication is done using cookies. On the default page I am authenticating the user and setting some value in a cookie. Whenever I need to authenticate the user I just verify it from the cookie. If the user is not authorized then I redirect him to the default page for authentication. Is this the correct way to do it?
+1
A:
If you want to authenticate users using Usernames & Passwords with roles and the like, I suggest using .NET's Forms Authentication: http://www.asp.net/Learn/Security/.
Mr. Smith
2009-08-07 13:40:29
+1
A:
This is a great question on practice. I have done authentication using session variables before without any major issues. I do recommend using Forms Authentication and using the Membership class.
Dustin Scaggs
2009-08-07 13:42:58
I cannot use Sessions in my application.
Chetan
2009-08-07 16:55:58
Which is all fine and good. The forms auth is a better use of authentication anyways, IMHO.
Dustin Scaggs
2009-08-07 18:32:25
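
The Forms Authentication approach recommended in the answers above, as an added example that is not part of the original thread: the cookie carries an encrypted, integrity-protected ticket rather than a plain value, so a client cannot forge or edit it, and no Session state is involved. It assumes `<authentication mode="Forms">` and a Membership provider are configured in web.config; the `AuthCookie` class and its method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

// Hypothetical helper (added example, not code from the thread).
public static class AuthCookie
{
    // Check credentials, then issue the ticket cookie. Returns false on bad credentials.
    public static bool SignIn(HttpResponse response, string user, string password)
    {
        if (!Membership.ValidateUser(user, password))
            return false;

        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, user, DateTime.Now, DateTime.Now.AddMinutes(30),
            false /* not persistent */, string.Empty, FormsAuthentication.FormsCookiePath);

        // Encrypt() protects the ticket with the machineKey; with the default
        // protection="All" it is both encrypted and validated with a MAC.
        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;                          // not readable from script
        cookie.Secure = FormsAuthentication.RequireSSL;  // follows requireSSL in web.config
        cookie.Path = FormsAuthentication.FormsCookiePath;
        response.Cookies.Add(cookie);
        return true;
    }

    // Returns the user name from a valid, unexpired ticket, or null.
    // With mode="Forms" the FormsAuthenticationModule performs this check on
    // every request and fills HttpContext.User; it is spelled out here to show
    // what "verifying from the cookie" has to involve.
    public static string GetAuthenticatedUser(HttpRequest request)
    {
        HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return null;
        try
        {
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            return (ticket == null || ticket.Expired) ? null : ticket.Name;
        }
        catch (ArgumentException) { return null; }       // malformed or tampered value
        catch (CryptographicException) { return null; }  // failed decryption
    }
}
```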