Hello guys, I wanted to ask a few things because I want to upgrade my login security. First of all, this is how my login security looks at the moment:
An SQL query compares the user input (pass / name / id) to my database, and if it's correct he gets 2 values and is redirected to the main restricted page. One of the values is a random value from a function that stores a limited amount of such values (each time it picks a random one and returns it to the user upon successful login), and the other value is one of the input fields (like company ID, for example).
Both of those are stored in sessions (hopefully it's not easy for a hacker to get at the data stored in those?), and on each of the restricted pages I use 2 terms in the page load event:
Session ( "the ID" ) <> ""
isLegit ( Session ( "the random code" ) ) <> "false"
I am still learning about security and I guess my current method is bad?
And that's where my second question comes into play: I have been reading about Microsoft's Membership and wanted to use some of the stuff included, but even after reading about how it works I find myself failing to implement it on my site.
I have a pretty long registration form and the site is designed in a certain way, and if I try putting the login controls from Visual Studio on it, I can't get them to look like part of the page.
I read that there is a way to keep my site as it is and to use FormsAuthentication.RedirectFromLoginPage("test", false); to force membership or something of this sort? Is such a thing possible without having to use the login tools and storing additional login data (besides what I have in my SQL database)?
P.S. I am using ASP.NET with VB on Visual Studio with MS SQL Server.
Take a look at these articles:
If you are willing to create another table that would hold the user information, it should be really straightforward; it works out of the box.
You would need to take out the checks you have in the code, though.
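For the question of keeping a hand-built login form and calling FormsAuthentication.RedirectFromLoginPage after checking the existing SQL table, this is one way it can look in VB. It is an added example, not code from either post; the control names, the "Site" connection string, the Users table with PassHash/PassSalt columns and the PBKDF2 password storage are all assumptions.

```vb
Imports System.Configuration
Imports System.Data.SqlClient
Imports System.Security.Cryptography
Imports System.Web.Security

' Code-behind for a hand-built Login.aspx. Control names, the "Site" connection
' string and the Users table/columns are hypothetical. web.config is assumed to set
' <authentication mode="Forms"> and <authorization><deny users="?"/>, so ASP.NET
' itself blocks anonymous requests instead of a per-page Session check.
Partial Class Login
    Inherits System.Web.UI.Page

    Protected Sub btnLogin_Click(sender As Object, e As EventArgs) Handles btnLogin.Click
        If CredentialsAreValid(txtCompanyId.Text, txtName.Text, txtPass.Text) Then
            ' Issues the encrypted auth ticket cookie; False = not persistent.
            FormsAuthentication.RedirectFromLoginPage(txtName.Text, False)
        Else
            lblError.Text = "Invalid login."
        End If
    End Sub

    Private Function CredentialsAreValid(companyId As String, name As String, pass As String) As Boolean
        Dim connStr As String = ConfigurationManager.ConnectionStrings("Site").ConnectionString
        Dim sql As String = "SELECT PassHash, PassSalt FROM Users WHERE CompanyId = @cid AND UserName = @name"
        Using conn As New SqlConnection(connStr), cmd As New SqlCommand(sql, conn)
            ' Parameters keep user input out of the SQL text (no injection).
            cmd.Parameters.AddWithValue("@cid", companyId)
            cmd.Parameters.AddWithValue("@name", name)
            conn.Open()
            Using rdr As SqlDataReader = cmd.ExecuteReader()
                If Not rdr.Read() Then Return False
                Dim stored As Byte() = DirectCast(rdr("PassHash"), Byte())
                Dim salt As Byte() = DirectCast(rdr("PassSalt"), Byte())
                ' Assumption: passwords are stored as salted PBKDF2 hashes.
                Using kdf As New Rfc2898DeriveBytes(pass, salt, 100000)
                    Return FixedTimeEquals(kdf.GetBytes(stored.Length), stored)
                End Using
            End Using
        End Using
    End Function

    ' Compares every byte so timing does not reveal where the hashes differ.
    Private Shared Function FixedTimeEquals(a As Byte(), b As Byte()) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function
End Class
```

On the restricted pages the logged-in name is then available as User.Identity.Name, and extra values such as the company ID can be looked up from it rather than trusted from Session.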