Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I have added functionality to my web app to allow someone to create an account with a password, which is then hashed and stored.
I would like to be able to allow the user to login to my site and use the pages within that check the user has access. Then after a period of time the session will expire and the user has to log in again.
It would also be good to have a logout button.
I am just wondering what is the best way to setup this kind of security as I have not done it before like this.
That wheel that you are making is nice for sure, but why not use one that has been invented already?
http://support.microsoft.com/kb/301240
As for sessions, you can use Session["NameOfSession"] to create a variable, don't forget to use Session.Abandon() though when a user logs out.
http://msdn.microsoft.com/en-us/library/ms178581.ASPX
As HTTP is offline protocol then there should be some extra-data being sent between client and server that makes server know you are logged on every request. The thing like this is cookie file that holds this information. On every request server checks this data and decides if you've already logged or not. Once you find the user's name and pass are OK you create this file, set its lifetime and attach to server response. After this the client browser will automatically send it to your server with each request. Once file is expired it will be automatically deleted by client browser.
You can maintain this functionality by hands or trust to FormsAuthentication.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
I need my program to be able to connect to some kind of a database (e.g. SQL) and obviously the program needs the password to get access to the database. And setting a hardcoded variable with a password would be more than enough but I want to think like it's a real life situation. So I want it to be stored securely, and hardcoding a password to the code from what I know is not a very good idea. How do I do it then? I searched multiple forums, topics and maybe there was an answer but im not gonna lie it is complicated. Any help?
It's a broad question but the simple answer is that you would not store it but instead make the user provide a password.
Typically you would have an API server between an app and a database rather than allow direct access to the DB. The API would have a route that accepts a username and password and returns a jwt or some other kind of authorization token. Subsequent calls to the API would also send the token, which is used to verify the requests. You can store the authorization token locally but its something you should try to protect from other applications as much as possible.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 4 years ago.
Improve this question
Is there a way to have a session send and receive data in intervals even after the user has closed their browser? We have members that signup and sometimes not receive a confirmation code due to a lost request to retrieve that code from our server that generates it.
My thought is to have the session try to retrieve that code for up to 4 hours in 30 minute intervals. If not, it will send an email to the member letting them know they need to signup again.
Is this possible with sessions? We are using .NET
Due to the nature of the web being disconnected you web pages/views should should show data and post data back back on user interaction where the the most immediate functions do what they need to do quickly. For instance if a user signs up to your service they are presented with a signup page, when the commit that page their details should be saved any further actions should not be done on that page and any operation needs to assume that browser could close at any time. If a user submits the signup form you should save their details.. anything else like email notifications etc should happen after that. To enable this simply, you could use something like HangFire (https://www.hangfire.io) to monitor signups and send emails using a background process.. (you could trigger this at the time as part of your signup method or have a recurring task to check signups) the key point being that the long running task like constructing and sending an email will be done outside the page request.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I am currently making a website using ASP.NET MVC5 and I need to keep track of active sessions (or to be more correct, a single value for each users session)
I have looked around and people seem to recommend Session_end() for this but all those recommendations are accompanied by people saying that session_end isn't reliable.
The reason I need to keep track of this is that users receive a unique folder to upload files to. This folder is deleted when a user completes the process but it remains if the website is closed without finishing it.
I currently save the value in a session variable (users should get a folder even when not logged in) and it is lost when the session expires. After the session expired, the folder should be deleted as no user can access it anymore (to save storage space).
I have access to a database, in case that helps for a solution.
It is true that the Session events are unreliable. As a rule of thumb playing with Session is almost never a good idea.
Now if I had to start from scratch with your requirements, I'd go with something that can actively monitor the active user connections on the web application.
Lucky for you there's a tool that does this and much more: SignalR. It's an ASP.NET component that allows to create responsive applications where multiple session can communicate with each other passing through the server. Applications like chats, dashboards and webgames are common applications of this library.
I suggest you to take a look at it and experiment a little, it has all you need to solve your current problem.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I am creating a MVVM application and the basic system allows a user to register, login, and add data to a database.
There are multiple users, so I want the system to be able to maintain the user's credentials/state after they login and have the application open.
So far I haven't been able to find any good tutorials online to advise me about this, so if anyone knows any or knows of a way to do this I would really appreciate some help.
Thanks.
You can use application settings as a store for user state and credentials. To store settings in user's profile, you should set corresponding scope for each setting you'll define.
Consider settings as a part of application model (Model in MVVM).
Build model when starting application, using application settings, and save it on application shutdown.
Also, do not store passwords in clear text. Use ProtectedData to encrypt and decrypt passwords.
Use cookies or local storage are 2 things that jump out to me.
Simply, after receiving the username and password of the user, if the credentials are correct generate a guid and save it to db for that user and add this guid in cookies also. And on every request search the guid value in db and authorize the user if the guid is existing.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I had made a site for client in which users can make request for songs, there's a database having songname, by whom, written by, sang at etc. The site is hosted and working fine.
The way the admin gets to know what is asked for is by using the website but now he wants that there be a desktop application which displays all the requests so he does not have to log in and use the website
I do have an idea to get this done, but I am hoping for a well known established way. I am using C# asp.net.
I think you can create an Http Handler. This handler will listen to the request and you can log them in a database, and the windows application will read from the database.
You can simply use Timer in windows application.
Set your Timer to either 1 min or 2 min as per your need.and on its Tick event you check the live database whether is there any new request come or not..
If new request come then you can show some notification or something like this...