views:

82

answers:

2

I'm having a lot of problems with FormsAuthentication (http://stackoverflow.com/questions/2964342/problem-with-asp-net-authentication) and as as potential work around I'm thinking about storing the login in the Session?

Login: Session["Auth.ClientId"] = clientId;

IsAuthenticated: Session["Auth.ClientId"] != null;

Logout; Session["Auth.ClientId"] == null;

I'm not really using most of the bells and whistles of FormsAuthentication anyway. Is this a bad idea?

A: 

i don't think it's an bad idea, i've seen plenty of sites using session together with a db to store auth data, however there are other ways to get around not using the formsauthentication tables but still be able to use things like roles.

http://stackoverflow.com/questions/2771094/asp-net-mvc2-custom-membership/2925372

has good examples of that.

Joakim
+1  A: 

I would not store any valuable information in the session.

for authentication i would use if (HttpContext.Current.User.Identity.IsAuthenticated) { Then u use this.User.Identity.Name as my membership_id so i could call this everywhere }else {

//Redirect to Login //gettting my LoginPageAddress Response.Redirect(ConfigurationSettings.AppSettings["LoginPage"]); }

Login is something like this FormsAuthentication.SetAuthCookie(membership_ID, false)

Anyway hope this helps

pjb