What's good practice for ASP.Net MVC4 Login Sessions? -


currently, website stores session id next user's entry in database , ip address, stored in cookie. if session id , ip address match on each page grant them access. seems fine, want allow people login website on multiple ip addresses/multiple sessions.

so i'm wondering best , secure way be? store username , password in session, store username , hashed password in session or store unique id in new "sessions" table of database user's id next it? store session id in cookie?

i'm not sure if session tampering thing, assume it's possible elite i'm trying secure possible. know editing cookies simple too.

the website uses web service in background. when user enters login details, sent service , checked returns yay or nay. reason service used multiple applications of different platforms. basic/simple membership model won't work here.

i managed done following guides here: http://www.codeproject.com/articles/13032/custom-membershipprovider-and-roleprovider-impleme , here: http://logcorner.wordpress.com/2013/08/28/how-to-configure-custom-membership-provider-using-asp-net-mvc4-with-external-login-like-facebook-yahoo-google-or-other-relying-party-accounts-2/

i managed working our service overriding required methods customer membership , making them check our service , responding accordingly. works great.

example

    public override bool validateuser(string username, string password)     {         myuser newuser = new myuser          {             email = username,             password = password         };          try         {             myuser user = myservice.authenticate(newuser);             if (user.email != null && user.isactivated)             {                 return true;             }             else             {                 return false;             }         }         catch (exception e)         {             return false;         }      }

it gives ability use membershipcreatestatus registering new users. let me specify tiny details of why fail rather throw error did previously. pointing me in right direction mystere man.


Comments

Post a Comment

Popular posts from this blog

c++ - CryptStringToBinary API behavior -

i seeing strange behavior cryptstringtobinary cryptography api. please see below code (config: x64 debug): #include "stdafx.h" #include <windows.h> #include <strsafe.h> #include <iostream> #include <exception> void main() { dword dwskip; dword dwflags; dword dwdatalen; //lpcwstr pszinput = l"jaaaaaecaaadzgaaakqaagdnnl1l56bwgfjdgr3rpxtqqqn6daw3usv2emkjym4t"; //this works fine lpcwstr pszinput = l"mytest"; //doesnt work, api returns false,error code 0x0000000d // determine size of byte array , allocate memory. if(! cryptstringtobinary( pszinput, _tcslen( pszinput ) + 1, crypt_string_base64, null, &dwdatalen, &dwskip, &dwflags ) ) { dword dw = getlasterror(); //0x0000000d: data invalid throw std::exception( "error computing byte length." ); } byte *pbytebyte = null; try { ...
Read more

c++ - Correct method for redrawing a layered window -

i have window created ws_ex_layered window style. drawing onto memory bitmap using gdi+, , using updatelayeredwindow update graphical content of layered window. intend use window main window of application, require redraw frequently. seeing layered windows not receive wm_paint windows message [?] , need come appropriate method re-drawing window. optimisation not essential , it's nice have cake , eat too. therefore, in search of "correct" method use. here thoughts far: i guess it's idea render onto off-screen bitmap before bitblt ing or similar. 60 frames rendered per second should (more than?) enough (but how compare other applications' frame rates?). possible solutions: use settimer send wm_timer message on regular basis. useful because through specifying time-out value, can achieve desired frames per second, without requirement measure duration "frame" takes rendered. would cause input or other lags due frequency , speed of m...
Read more

java.util.scanner - How to read and add only numbers to array from a text file -

i'm learning java , have question regarding reading file want read numbers file contains strings well. here example of file: 66.56 "3 java 3-43 5-42 2.1 1 and here coding: public class test { public static void main (string [] args){ if (0 < args.length) { file x = new file(args[0]); try{ scanner in = new scanner( new fileinputstream(x)); arraylist<double> test = new arraylist<>(); while(in.hasnext()){ if(in.hasnextdouble()){ double f=in.nextdouble(); test.add(f);} else {in.next();} } catch(ioexception e) { system.err.println("exception during reading: " + e); } } my problem add 66.56,2.1 , 1 doesn't add 3 after "3 or ignores 3-43 , 5-42 can tell me how skip strings , add doubles here? thanks all said 3 ie; "3, 3-43 , 4-42 strings either u read string , split , check number @ " , - or put in space between characters , integers. jvm after compilation tre...
Read more