How to Implement ASP.Net Forms Authentication

Question

Hello

Im just wondering how to go about using FormAuthentication in asp.net

In our project we are basing it on webservices, which returns an XML document on successful login with all the credentials we require. Whats the best way to store and access the information returned?

Thanks

EDIT: thanks for the response. I cant use the default provider because the provider is already given to us.

Basically, what I want to know is whats the most effecient way to store a Guid and an Integer on successful login so that it can be easily accessed by my asp.net application.

Answer 1

How to go about it? Its a complex subject which no one can answer fully here.

I can tell you that the easiest way to implement it is to use the standard SQL Server-backed forms authentication provider. This is a step-by-step on how to set it up.

It can get a little confusing when there are database issues, however. These are usually caused by common issues and some googling often straightens it out quickly.

Keep in mind, also, that forms authentication usually entails sending cleartext passwords across the network. So protecting your login URL with SSL is a must in a production environment.

Answer 2

Session["GUID"] = value; Session["INT"] = value;

Shoving the XML Dom object or xml in the Session object is not advisable for performance reasons when you only need 2 tiny values.

Answer 3

When you create your FormsAuthenticationTicket, you can set the UserData property to anything you like, including the data from the web service. That data will all be encrypted when placed into the Forms Authentication cookie, and will be decrypted on each subsequent request. The information will be available in the Ticket property of the FormsIdentity object that you can reach via HttpContext.Current.User.Identity.