ASP.NET user login best practices -

-

i want make login system using asp.net (mvc).

on internet, found bad examples involved sql in click events. other information pointed asp.net built-in membership provider.

however, want roll own. don't want use built-in membership provider, seems work on ms sql, , don't idea of having few foreign tables in database.

i think of something, need few pointers in right direction. not have high-security, regular common-sense security.

and have few direct questions:

  1. a lot of systems seem have session id stored in user table. guess tie session user prevent hijacking. check every time user enters page? , do if session expires?

  2. hashing, salting, do? know of md5 hashing , have used before. not salting.

  3. best practices cookies?

i dont know best practices can tell do. not hitech security job.

i use forms authentication. receive password secured ssl via textbox on login page. take password , hash it. (hashing 1 way encryption, can hash code cant reversed password). take hash , compare users hash in database. if hash's match use asp.nets built in authentication handling, handles cookies me.

the formsauthentication class has methods available fo you, such setauthcookie , redirectfromlogin. set cookie , mark them authenticated. cookie asp.net uses encrypted. cant speak security level though, in common use.

in class password check , use formsauth handle rest:

if(securityhelper.loginuser(txtusername.text, txtpassword.text)) {         formsauthentication.redirectfromloginpage(txtusername.text, true); }

Comments

Post a Comment

Popular posts from this blog

c++ - How do I get a multi line tooltip in MFC -

-
right now, have tool tip pops when hover on edit box. problem tool tip contains multiple error messages , in 1 long line. need have each error message on own line. error messages contained in cstring new line seperating them. my existing code below. bool ontooltiptext(uint, nmhdr* pnmhdr, lresult* presult) { assert(pnmhdr->code == ttn_needtexta || pnmhdr->code == ttn_needtextw); // need handle both ansi , unicode versions of message tooltiptexta* pttta = (tooltiptexta*)pnmhdr; tooltiptextw* ptttw = (tooltiptextw*)pnmhdr; // tchar szfulltext[256]; cstring strtiptext=_t(""); uint nid = pnmhdr->idfrom; if (pnmhdr->code == ttn_needtexta && (pttta->uflags & ttf_idishwnd) || pnmhdr->code == ttn_needtextw && (ptttw->uflags & ttf_idishwnd)) { // idfrom hwnd of tool nid = ::getdlgctrlid((hwnd)nid); } //m_errprojaccel[ch] contains 1 or more error messages each...
Read more

asp.net - In javascript how to find the height and width -

-
i having .aspx , masterpage page. in masterpage loading aspx page . in aspx page design using generating table structure using code-behind server in javascript how find height , width . regards, kumar if you're looking table height , width, should it var tbl = document.getelementbyid('tbldemo'); alert(tbl.offsetwidth + '\n' + tbl.offsetheight);
Read more

c# - DataTable to EnumerableRowCollection -

-
i have datatable according client requirement can contain invalid date "00/00/1999",null,empty string.(typed datset) when collect them enumerables wish convert of invalid forms empty string. (i.e) enumerablerowcollection<datarow> query = order in _table.asenumerable() select new { orderdate= string.isnullorempty(convert.tostring(order.field<datetime>("orderdate")) || (how check date invalid date) ? string.empty : order.field<datetime>("orderdate") } how check whether date valid date or not? datetime.tryparse...like given current code: datetime date; enumerablerowcollection<datarow> query = order in _table.asenumerable() select new { orderdate= string.isnullorempty(convert.tostring(order.field<datetime>("orderdate")) || !datetime.tryparse(convert.tostring(order.field<datetime...
Read more