Using some of the ASP.NET membership tools and login security


Hello guys, I wanted to ask a few things because I want to upgrade my login security. First of all, this is what my login security looks like at the moment:

An SQL query compares the user input (pass / name / id) to my database, and if it's correct the user gets 2 values and is redirected to the main restricted page. One of the values is a random value from a function that stores a limited amount of such values (each time it picks a random one and returns it to the user upon successful login), and the other value is one of the input fields (like company ID, for example). Both of those are stored in sessions (hopefully it's not easy for a hacker to gain the data stored in those?), and on each of the restricted pages I use 2 terms in the page load event:

Session("the ID") <> ""
isLegit(Session("the random code")) <> "false"

I am still learning about security, and I guess my current method is bad? And that's where my second question comes into play: I've been reading about Microsoft's membership and wanted to use some of the stuff included, but even after reading about how it works I find myself failing to implement it on my site.
I've got a pretty long register form and the site is designed in a certain way, and if I try putting in the login controls from Visual Studio I can't get them to look like part of the page.

I read that there is a way to keep my site as it is and to use FormsAuthentication.RedirectFromLoginPage("test", false); to force membership or something of this sort? Is such a thing possible without having to use the login tools and storing additional login data (besides what I have in my SQL database)?

P.S. I am using ASP.NET with VB on Visual Studio with MS SQL Server.

1 answer

Bojan Bjelic

Take a look at these articles:

If you are willing to create another table that would hold the user information it should be really straight-forward, works out of the box.

You would need to take out the checks you have in the code, though.
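
An added example, not part of the original question or answer: the site's own login form can validate against the existing SQL table and then call FormsAuthentication.RedirectFromLoginPage, without using the Visual Studio login controls. The table, column, control and connection-string names are assumptions, as is storing a salted PBKDF2 hash rather than the password itself.

```vb
' Added example (Login.aspx.vb). Assumed names: Users table (UserName, CompanyId,
' PasswordHash, Salt), connection string "Main", controls txtUser/txtCompanyId/txtPassword.
' Assumed web.config: <authentication mode="Forms"><forms loginUrl="~/Login.aspx" /></authentication>
'                     <authorization><deny users="?" /></authorization>
Imports System
Imports System.Configuration
Imports System.Data.SqlClient
Imports System.Security.Cryptography
Imports System.Web.Security
Partial Class Login
    Inherits System.Web.UI.Page
    Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As EventArgs) Handles btnLogin.Click
        If CredentialsAreValid(txtUser.Text, txtCompanyId.Text, txtPassword.Text) Then
            ' Issues the encrypted, signed auth cookie, then redirects to ReturnUrl.
            FormsAuthentication.RedirectFromLoginPage(txtUser.Text, False)
        Else
            lblError.Text = "Invalid login."   ' same message for every failure
        End If
    End Sub

    Private Function CredentialsAreValid(ByVal user As String, ByVal companyId As String, ByVal password As String) As Boolean
        Dim cs As String = ConfigurationManager.ConnectionStrings("Main").ConnectionString
        Const sql As String = "SELECT PasswordHash, Salt FROM Users WHERE UserName = @u AND CompanyId = @c"
        Using conn As New SqlConnection(cs)
            Using cmd As New SqlCommand(sql, conn)
                cmd.Parameters.AddWithValue("@u", user)      ' parameters keep input out of the SQL text
                cmd.Parameters.AddWithValue("@c", companyId)
                conn.Open()
                Using r As SqlDataReader = cmd.ExecuteReader()
                    If Not r.Read() Then Return False
                    Dim stored As Byte() = DirectCast(r("PasswordHash"), Byte())
                    Dim salt As Byte() = DirectCast(r("Salt"), Byte())
                    Using kdf As New Rfc2898DeriveBytes(password, salt, 100000)   ' PBKDF2
                        Return FixedTimeEquals(kdf.GetBytes(stored.Length), stored)
                    End Using
                End Using
            End Using
        End Using
    End Function

    Private Shared Function FixedTimeEquals(ByVal a As Byte(), ByVal b As Byte()) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))   ' no early exit, so timing does not depend on the match position
        Next
        Return diff = 0
    End Function
End Class
```

With the deny rule in web.config, ASP.NET itself redirects unauthenticated requests to the login page, so the per-page Session checks are no longer what guards the restricted pages. Those pages can read the signed-in name from User.Identity.Name.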