http://forums.asp.net/t/1806861.aspx/1?AuthenticationThu, 24 May 2012 00:22:26 -040018068614994567http://forums.asp.net/p/1806861/4994567.aspx/1?Authentication <p>Hi Guys,</p> <p>&nbsp;</p> <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; What are the advantages of using Forms authentication compared to classic authentication(i.e&nbsp; i can validate the user id and store it</p> <p>in session and the session value can be used in other pages). I tried to google but I didn't find clear explanation. Can some one help me.</p> 2012-05-23T22:07:12-04:004994606http://forums.asp.net/p/1806861/4994606.aspx/1?Re+Authentication <p>Forms auth is a well established secure mechanism for authenticating users. Also, it's using the standard authentication APIs in ASP.NET and in .NET so that other parts of the framework can also participate in security (typically around authorization) in a standard way without knowing baout your custom flag in session. Don't build your own security as this typically means your app is not as secure as it could be.</p> <p>Also, <a href="http://brockallen.com/2012/04/07/think-twice-about-using-session-state/"> session state</a> is just bad in general.</p> <p></p> 2012-05-24T00:22:26-04:00