I'm doing this as a project for practice in developing real asp.net websites. As a result, please keep your answers related to my particular desired solution. Also, this site will never be public so I'm not *currently* worried too much about security.
I want to save some information about a users usersname and company id after a succesful login. I should be able to store the username value as a property of the session, rather than directly into the HttpSessionState. I successfully do this with Company
Id (it comes from a database, but is not used for anything other than a welcome page greeting), but not the Username (which I want to use to verify a user on each secure page). Furthermore, the session object should be able to store itself into the session.
I found out how to store a session into itself, i think, like this:
public void Create(HttpSessionState session)
{
session["user"] = this;
}
When I call the username value from a new page that needs to be verified, I should be able to cast session["user"] to the object, and retrieve values from the properties of the object, but I'm not sure how to do this.
My Session Class thus far:
using System;
using System.Diagnostics;
using System.Collections.Generic;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.SessionState;
namespace MarketingFamily.UI
{
[Serializable]
public class MySession
{
private string _username;
private string _companyid;
public MySession()
{
Username = Business.User._username;
CompanyId = Business.User._companyId;
}
public static MySession Current
{
get
{
try
{
MySession session = (MySession)HttpContext.Current.Session["__MySession__"];
if (session == null)
{
session = new MySession();
HttpContext.Current.Session["__MySession__"] = session;
}
return session;
}
catch (NullReferenceException e)
{
Debug.WriteLine("NullReferenceException:");
Debug.WriteLine(e);
}
return null;
}
}
public void Create(HttpSessionState session)
{
session["user"] = this;
}
public string Username
{
get
{
if (HttpContext.Current.Session["Username"] == null)
{
return string.Empty;
}
else
{
return HttpContext.Current.Session["Username"].ToString();
}
}
set
{
}
}
public string CompanyId
{
get
{
if (HttpContext.Current.Session["CompanyId"] == null)
{
return string.Empty;
}
else
{
return HttpContext.Current.Session["CompanyId"].ToString();
}
}
set
{
HttpContext.Current.Session["CompanyId"] = value;
}
}
}
}
And then in my page immediately following the login (the first place I check the username) which needs to be corrected:
Congrates Insteded of Using the validation that hits the Server for value Just Pass a value into session with login status and Maintain It to that the efficiency would increase
Marked as answer by Amy Peng - MSFT on Feb 01, 2013 01:02 AM
Nibirue
0 Points
1 Post
Saving username into session to help secure site
Jan 24, 2013 06:48 PM|LINK
I'm doing this as a project for practice in developing real asp.net websites. As a result, please keep your answers related to my particular desired solution. Also, this site will never be public so I'm not *currently* worried too much about security.
I want to save some information about a users usersname and company id after a succesful login. I should be able to store the username value as a property of the session, rather than directly into the HttpSessionState. I successfully do this with Company Id (it comes from a database, but is not used for anything other than a welcome page greeting), but not the Username (which I want to use to verify a user on each secure page). Furthermore, the session object should be able to store itself into the session.
I found out how to store a session into itself, i think, like this:
public void Create(HttpSessionState session) { session["user"] = this; }When I call the username value from a new page that needs to be verified, I should be able to cast session["user"] to the object, and retrieve values from the properties of the object, but I'm not sure how to do this.
My Session Class thus far:
using System; using System.Diagnostics; using System.Collections.Generic; using System.Web; using System.Web.UI; using System.Web.UI.WebControls; using System.Web.SessionState; namespace MarketingFamily.UI { [Serializable] public class MySession { private string _username; private string _companyid; public MySession() { Username = Business.User._username; CompanyId = Business.User._companyId; } public static MySession Current { get { try { MySession session = (MySession)HttpContext.Current.Session["__MySession__"]; if (session == null) { session = new MySession(); HttpContext.Current.Session["__MySession__"] = session; } return session; } catch (NullReferenceException e) { Debug.WriteLine("NullReferenceException:"); Debug.WriteLine(e); } return null; } } public void Create(HttpSessionState session) { session["user"] = this; } public string Username { get { if (HttpContext.Current.Session["Username"] == null) { return string.Empty; } else { return HttpContext.Current.Session["Username"].ToString(); } } set { } } public string CompanyId { get { if (HttpContext.Current.Session["CompanyId"] == null) { return string.Empty; } else { return HttpContext.Current.Session["CompanyId"].ToString(); } } set { HttpContext.Current.Session["CompanyId"] = value; } } } }And then in my page immediately following the login (the first place I check the username) which needs to be corrected:
private void Page_Load(object sender, System.EventArgs e) { string redirectLogin = "../Default.aspx"; _labelUsername.Text = MySession.Current.Username; _labelCompanyId.Text = MySession.Current.CompanyId; if ((string)Session["Username"] != _labelUsername.Text) { Debug.WriteLine("Welcome.1 FAILURE: " + _labelUsername.Text); Debug.WriteLine("Welcome.2 FAILURE: " + (string)Session["Username"]); Response.Redirect(redirectLogin); } else { Debug.WriteLine("Welcome.2 SUCCESS: " + _labelUsername.Text); } }How Username initially gets saved (in my login page):
... User user = new User(); user.Login(_username.Text, _password.Text); if (user.IsValid() && user.GetIsUser() != false) { user.Save(); Session["Username"] = _username.Text; Response.Redirect("Secure/Default.aspx"); }Chintalas
Member
40 Points
16 Posts
Re: Saving username into session to help secure site
Jan 27, 2013 05:53 AM|LINK
Congrates Insteded of Using the validation that hits the Server for value Just Pass a value into session with login status and Maintain It to that the efficiency would increase