0

How can I make something like this in MVC3 where I can still use [Authenticate] in the controller (or in a filter that is applied to all pages except the login page)?

  1. User enters username and password which gets sent to the server as a post request.
  2. Application receives the posted information on the login page [httpPost]
  3. Application creates a new unique SESSIONID and writes it to the database
  4. Application requests that the browser writes a cookie with value SESSIONID=
  5. The next time the user requests a page, the cookie with SESSIONID= gets sent every time (until it expires or is deleted).
  6. Application compares SESSIONID and IP address, which have been sent, and checks if it exists as a valid session with that IP in the database. (Some session cleanup will be performed on login as well; the user's other sessions that exist will be removed.)

This approach seems to be rather difficult for me in ASP.NET. :-)

1 Answer 1

4

This is already built into ASP.NET. I think you should have a look at the Membership provider => http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx

3 Comments

+1 yep, definitely use the baked in Membership and FormsAuthentication classes in this situation
Is it also possible with my own custom schemes? I don't need all the attributes and would like a simple session table and a simple user table instead of the inbuilt membership tables.
Yes you can! ;) You can implement your own membership provider with your own logic.
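
The six steps from the question, sketched as a custom authorization filter for MVC3. This is an added example, not code from any of the posts above; `SessionStore`, `SessionAuthorizeAttribute`, the in-memory dictionary standing in for the session table and the 30-minute lifetime are all assumptions.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Web;
using System.Web.Mvc;

// Hypothetical store; a real application would back this with the session table.
public static class SessionStore
{
    private class Entry { public string User; public string Ip; public DateTime Expires; }
    private static readonly ConcurrentDictionary<string, Entry> Sessions =
        new ConcurrentDictionary<string, Entry>();

    // Steps 3-4: create an unguessable id, record it, return the cookie to set.
    public static HttpCookie Create(string user, string ip)
    {
        // Session cleanup on login: drop the user's other sessions.
        foreach (var kv in Sessions)
            if (kv.Value.User == user) { Entry removed; Sessions.TryRemove(kv.Key, out removed); }

        var bytes = new byte[32]; // 256 bits from the OS CSPRNG, never a counter or GUID
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(bytes);
        var id = BitConverter.ToString(bytes).Replace("-", "");
        Sessions[id] = new Entry { User = user, Ip = ip, Expires = DateTime.UtcNow.AddMinutes(30) };
        // HttpOnly keeps the id away from script; Secure restricts it to HTTPS.
        return new HttpCookie("SESSIONID", id) { HttpOnly = true, Secure = true };
    }

    // Step 6: the id must exist, be unexpired, and match the recorded IP.
    public static bool IsValid(string id, string ip)
    {
        Entry e;
        return id != null && Sessions.TryGetValue(id, out e)
            && e.Expires > DateTime.UtcNow && e.Ip == ip;
    }
}

// Apply as [SessionAuthorize] on controllers or actions that require a login.
public class SessionAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var cookie = httpContext.Request.Cookies["SESSIONID"];
        return cookie != null
            && SessionStore.IsValid(cookie.Value, httpContext.Request.UserHostAddress);
    }
}
```

The login action's `[HttpPost]` handler would call `Response.Cookies.Add(SessionStore.Create(user, Request.UserHostAddress))` after verifying the password.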