views: 34
answers: 2
Hi there,

I currently have a website, and upon registration to the website I generate each member a unique GUID. Upon the user logging in to the website I check the credentials and store the GUID in session if successful. In order to show the user their profile / how many posts have been made etc., I run my queries to the database passing the user's session GUID to fetch data related to them.

Can anyone kindly confirm a better approach for this?

+3  A: 

Have a look at the membership features in ASP.Net: http://msdn.microsoft.com/en-us/library/ms998347.aspx

Max Schmeling
+1  A: 

This is basically how most authentication/authorization systems work. Some things you may want to keep in mind:

  1. Don't reinvent the wheel if you don't need to - as Max pointed out, ASP.NET has a built-in auth provider that is fairly feature-rich and can be extended as well.
  2. I would avoid storing anything in Session unless you have to. It is easy to get lazy with Session, and it is also potentially volatile - if you bounce the service, anything in Session is gone.
  3. If you store a cookie on the client to handle this, ensure it is salted and encrypted.
GalacticCowboy
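The flow the question describes (GUID assigned at registration, credentials checked at login, the GUID kept server-side and used as the key for the user's own queries) together with the two cautions in the answer above (server-side session state disappears on a restart; a client-side cookie must be tamper-proofed), as an added example. This is not the asker's code or ASP.NET membership code; it is a self-contained Python sketch with an in-memory SQLite database, and the table layout, function names, the `SESSIONS` dict, and the `COOKIE_KEY` secret are all assumptions made for the illustration. The point it adds to the discussion: the identifier used in the data queries is never taken from the request, only from the server's own session record (or from a cookie whose MAC has been verified), so a client cannot substitute another member's GUID.

```python
import base64
import hashlib
import hmac
import secrets
import sqlite3
import uuid

# Constructed in-memory database standing in for the site's real one (assumption).
conn = sqlite3.connect(":memory:")
conn.execute(
    "CREATE TABLE users (guid TEXT PRIMARY KEY, username TEXT UNIQUE, salt BLOB, pw_hash BLOB)"
)
conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, author_guid TEXT, body TEXT)")

# Server-side session store: random session id -> member GUID.
# It lives only in process memory, which is exactly the volatility the answer warns about.
SESSIONS = {}

# Hypothetical server-only secret used to MAC a cookie value (assumption).
COOKIE_KEY = secrets.token_bytes(32)


def hash_password(password, salt):
    """Salted, iterated hash so stolen rows cannot be reversed cheaply."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register(username, password):
    """Assign the member a GUID at registration, as in the question."""
    guid = str(uuid.uuid4())
    salt = secrets.token_bytes(16)
    conn.execute(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        (guid, username, salt, hash_password(password, salt)),
    )
    return guid


def add_post(author_guid, body):
    conn.execute("INSERT INTO posts (author_guid, body) VALUES (?, ?)", (author_guid, body))


def login(username, password):
    """Check credentials; on success create a session that holds the GUID server-side.
    The session id handed to the client is random and is NOT the member's GUID."""
    row = conn.execute(
        "SELECT guid, salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return None
    guid, salt, pw_hash = row
    if not hmac.compare_digest(pw_hash, hash_password(password, salt)):
        return None
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = guid
    return session_id


def profile(session_id):
    """Profile query keyed by the GUID stored in the session, never by a request value."""
    guid = SESSIONS.get(session_id)
    if guid is None:
        return None
    username = conn.execute("SELECT username FROM users WHERE guid = ?", (guid,)).fetchone()[0]
    count = conn.execute(
        "SELECT COUNT(*) FROM posts WHERE author_guid = ?", (guid,)
    ).fetchone()[0]
    return {"username": username, "posts": count}


def restart():
    """Simulate bouncing the service: every in-memory session is lost."""
    SESSIONS.clear()


def make_cookie(guid):
    """Cookie alternative: GUID plus an HMAC so the client cannot alter the GUID.
    (Tamper detection; the value itself is not secret, so encryption is not shown here.)"""
    mac = hmac.new(COOKIE_KEY, guid.encode(), hashlib.sha256).digest()
    return guid + "|" + base64.urlsafe_b64encode(mac).decode()


def read_cookie(cookie):
    """Return the GUID only if the MAC verifies; anything altered yields None."""
    guid, sep, mac_b64 = cookie.rpartition("|")
    if not sep:
        return None
    expected = hmac.new(COOKIE_KEY, guid.encode(), hashlib.sha256).digest()
    try:
        mac = base64.urlsafe_b64decode(mac_b64.encode())
    except (ValueError, UnicodeEncodeError):
        return None
    if not hmac.compare_digest(mac, expected):
        return None
    return guid
```

Calling `restart()` shows the trade-off in the answer directly: a `profile(session_id)` that worked before the restart returns `None` afterwards, while a MAC-protected cookie made with `make_cookie` still verifies, because the secret it depends on is the server key rather than in-memory session state. Swapping one member's GUID into another member's cookie fails `read_cookie`, which is the property the "salted and encrypted" advice is really after.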