Best practice for login screen using database

Carlos

I have a C# ASP.NET app that checks if the user exists in a USERS table. That
part is OK, but now I need to pass the user ID to the next page because I
need to do some database queries with that user ID. I'm passing the values
as:
Context.Items.Add("UserID",TempUserID);
Context.Items.Add("VerifyString","OkPEV");
Server.Transfer("timesheet.aspx", true);

Now my problem is that in the timesheet.aspx page the UserID comes through fine
the first time, but if I do a refresh or add a record to my timesheet database
I lose the UserID.

So is there any way to keep that variable in memory while the session is
open?

Thanks
 
Ramjee Tanguturi

Hi,

I see there is some problem with the logic you have chosen to adopt. If you
pass the user ID through context variables, there is every possibility that a
potential hacker could do the same; he just needs to know the context keys you
have chosen to use.

Instead, I would suggest you use a different approach, where every page that
needs the user to be signed in looks up a common function, which will return
the user ID. For this to happen, you can design all your code-behind classes to
inherit from a single base class extending System.Web.UI.Page. And in the
Page_Load events of all the pages, call the base class method, say
base.CheckIfUserIsSignedIn();

In this base class method, write code in such a way that it will check if the
user is signed in, based on some cookie value (I guess cookies are allowed), or
you can use session variables. The first time, when the user is shown a log-in
form, s/he will be prompted to enter the credentials. Once validated, you can
store the user-id token in a cookie or have it in session. The same can be used
wherever required. Checking for signed in on each page is to ensure no one can
bypass the sign-in form and directly land on some transaction form.

The CheckIfUserIsSignedIn() method should redirect the user to a sign-in form
or an access-denied form if it finds out that the user is not signed in.

Hope this solves your problem too.
Let me know if this has helped you in any way.

Ramjee
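The base-class approach described above, written out as an added example (not code from the thread): the signed-in user's ID lives in the server-side Session, so it survives refreshes and postbacks on timesheet.aspx. The class name SecurePage, the session key "UserID", and the page paths login.aspx and timesheet.aspx are assumptions.

```csharp
// Added example: a base Page class that keeps the signed-in user's ID in
// Session and redirects unauthenticated requests to the sign-in form.
using System;
using System.Web;
using System.Web.UI;

public class SecurePage : Page
{
    private const string UserIdKey = "UserID"; // assumed session key

    // Returns the signed-in user's ID, or redirects to the sign-in form.
    // Every protected page calls this from Page_Load before doing any work.
    protected int CheckIfUserIsSignedIn()
    {
        object id = Session[UserIdKey];
        if (id == null)
        {
            // endResponse = true stops the page so no protected content
            // is rendered before the redirect takes effect.
            Response.Redirect("~/login.aspx", true);
            return 0; // not reached: Redirect ends the request above
        }
        return (int)id;
    }

    // Called by login.aspx (which also inherits SecurePage) once the
    // credentials have been validated against the USERS table.
    protected void SignIn(int userId)
    {
        Session[UserIdKey] = userId;
    }

    // Clears the server-side state so a later request cannot reuse it.
    protected void SignOut()
    {
        Session.Remove(UserIdKey);
        Session.Abandon();
    }
}

// Code-behind for timesheet.aspx: the ID is read from Session on every
// request, so a refresh or a record insert no longer loses it.
public partial class Timesheet : SecurePage
{
    protected void Page_Load(object sender, EventArgs e)
    {
        int userId = CheckIfUserIsSignedIn();
        // ... run the timesheet queries with userId ...
    }
}
```

Because the ID is never read from the request, a visitor cannot supply their own UserID value; only a request carrying a valid session cookie created by SignIn reaches the query code.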
 
Garry

I am using a VB.NET app which uses the login component. I want to check the
user ID & password entered against a user table in my SQL Server database. I
do not know how to do this. Can you help me, or show me a code example?

thanks

garry