How can I set up ASP.NET login to allow the UserName or UserId to be retrieved later on in the session?

Question

Hi,

I'm trying to create a login system for my website, I've created a custom login.ascx and when the user clicks [ Login ] a div pops up with the contents of login.ascx.

Then after the user enters their credentials, they click on the Login button. They get validated and logged in using this code in the login click function:

if( Membership.ValidateUser( userName.Text, password.Text ) )
{
    //Here is where I'm not sure what to do   
}
else
{
    LoginError.Visible = true;
}

So in the section where I'm not sure what to do, I would like the user to get logged in (Not sure if that means creating an authentication ticket or whatnot). What does is the next step to actually log the user in, I don't want them to get redirected anywhere since they are on the correct page already.

I would also like to be able to retrieve their user name or user id later on for use in my web services. So, for this should I do a Session.Add to create a new session value or is there some other way of storing the data that is preferred?

Answer 1

For authenticating the user,

    FormsAuthenatication.SetAuthCookie(username, false/*true if you want to remember the user's login*/);

This logs the user in. You can later use

Page.User.Identity.Name

to retrieve username of the current user and

Page.User.Identity.IsAuthenticated

to check if the user is logged in.

Answer 2

There's no need to store it in Session. Just use:

FormsAuthentication.SetAuthCookie

to send an authentication ticket to the client. Then use HttpContext.Current.User.Identity to retrieve it later.

Answer 3

I find using the membership provider is useful, I would recommend it

Scott Guthrie posted great blog on this

http://weblogs.asp.net/scottgu/archive/2006/05/07/ASP.NET-2.0-Membership-and-Roles-Tutorial-Series.aspx