ive got a simple application up and running, user logs in, takes data and saves to database.
i was having trouble with login recently (all i used was the deafult login of asp project and [Authorize] in some controllers) my problem being that after login, some pages would log you out, data wouldnt be saved etc.
i was told to use session management. Now ive been looking around, and i used aspne_regsql to install the session state tables to my database.
Session has nothing to do with authentication. The [Authorize] attribute and any other security checks go against the built-in User object for User.IsInRole and User.Identity.Name checks.
Both session and forms authentication track the user with a cookie, but the point is that they're separate cookies with separate timeouts. And you don't have to use session to have authentication.
So with this bit of background info, what's the specific issue you're having?
right this is all new to me, thanks for your reply.
the problem i had was that the logged in user kept getting logged out between different pages, also when some data is entered and when form is submitted it would get logged out then too
How do you know the user is logged out? Meaning... are you using User.Identity.IsAuthenticated to check this? If User.Identity.IsAuthenticated is true then the username is available via User.Identity.Name.
I'm just trying to figure out if you're using the authentication system correectly or if you're using a flag in session state to track the logged in user.
Oh, or maybe the issue you're having is that the current user is authenticated but then you hit a controller where there's an [Authorize(Roles="SomeRole")] and the user is not in that role? If this happens, you will be redirected to the login page but you
are still logged in. On the login page check for User.Identity.Name.
archie8
Member
428 Points
308 Posts
how to use session management?
Apr 05, 2012 09:58 AM|LINK
hi everyone, im using asp.net mvc 3 and c#
ive got a simple application up and running, user logs in, takes data and saves to database.
i was having trouble with login recently (all i used was the deafult login of asp project and [Authorize] in some controllers) my problem being that after login, some pages would log you out, data wouldnt be saved etc.
i was told to use session management. Now ive been looking around, and i used aspne_regsql to install the session state tables to my database.
and ive got this in web.config:
<system.web> <sessionState mode="SQLServer" allowCustomSqlDatabase = "true" sqlConnectionString="data source=xxxxx;database=xxxxx;user id=xxxxx;password=xxxxx" cookieless="false" timeout="20" />ive got session id's saving in the table, but as far as the application goes, im not sure what to do next...
or how to solve my login issue. any help would be much appreciated.
thanks
kirupa.v
Contributor
2070 Points
531 Posts
Re: how to use session management?
Apr 05, 2012 10:10 AM|LINK
Hi,
Check for this link to have a complete knowledge of session state management.
http://msdn.microsoft.com/en-us/library/75x4ha6s.aspx
BrockAllen
All-Star
27516 Points
4898 Posts
MVP
Re: how to use session management?
Apr 05, 2012 03:23 PM|LINK
Session has nothing to do with authentication. The [Authorize] attribute and any other security checks go against the built-in User object for User.IsInRole and User.Identity.Name checks.
Both session and forms authentication track the user with a cookie, but the point is that they're separate cookies with separate timeouts. And you don't have to use session to have authentication.
So with this bit of background info, what's the specific issue you're having?
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
archie8
Member
428 Points
308 Posts
Re: how to use session management?
Apr 06, 2012 09:10 AM|LINK
right this is all new to me, thanks for your reply.
the problem i had was that the logged in user kept getting logged out between different pages, also when some data is entered and when form is submitted it would get logged out then too
from my first post, would would you suggest i do?
thanks for the info
BrockAllen
All-Star
27516 Points
4898 Posts
MVP
Re: how to use session management?
Apr 06, 2012 12:59 PM|LINK
How do you know the user is logged out? Meaning... are you using User.Identity.IsAuthenticated to check this? If User.Identity.IsAuthenticated is true then the username is available via User.Identity.Name.
I'm just trying to figure out if you're using the authentication system correectly or if you're using a flag in session state to track the logged in user.
Oh, or maybe the issue you're having is that the current user is authenticated but then you hit a controller where there's an [Authorize(Roles="SomeRole")] and the user is not in that role? If this happens, you will be redirected to the login page but you are still logged in. On the login page check for User.Identity.Name.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
vishalgjoshi
Member
85 Points
35 Posts
Re: how to use session management?
Apr 07, 2012 08:40 AM|LINK
You can get more details about session mgnt here
http://msdn.microsoft.com/en-us/library/ms178586.aspx