Link to home
Start Free TrialLog in
Avatar of koossa
koossa

asked on

ASP.net SECURE User Authentication

Good day

What is the most secure way to determine if a user is logged in or not on any of a website's pages?

On my login form I do something like the following:
  Private Sub Login1_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate
    Dim sUsername As String = Login1.UserName
    Dim sPassword As String = Login1.Password
    If sUsername = "Test" Then
      Session("UserAuthentication") = "Blabla"
      e.Authenticated = True
    Else
      e.Authenticated = False
    End If
  End Sub

Open in new window


Is it secure enough to just check if Session("UserAuthentication") = "Blabla" on the other pages to determine if a user is logged in or not.
Is there a more secure way of doing this?
ASKER CERTIFIED SOLUTION
Avatar of Craig Wagner
Craig Wagner
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial