You could use something like session, but there is a built-in authentication framework called forms authentication. It's preferred to use the built in approach as they deal with many of the security issues and then you can leverage the built-in authorization
plumbing as well (rather than reinventing that wheel). All of this should use SSL, so you're good on that front.
BrockAllen
All-Star
27530 Points
4905 Posts
MVP
Re: Are sessions secure within SSL?
May 04, 2012 04:29 PM|LINK
You could use something like session, but there is a built-in authentication framework called forms authentication. It's preferred to use the built in approach as they deal with many of the security issues and then you can leverage the built-in authorization plumbing as well (rather than reinventing that wheel). All of this should use SSL, so you're good on that front.
http://msdn.microsoft.com/en-us/library/ff647070.aspx
http://support.microsoft.com/kb/301240
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/