Geek Answers Handbook

Pass values ​​or data from one page to another when using the Login control in ASP.NET 2.0

I am using Login Control, available in ASP.NET 2.0 on the login page. After successfully authenticating the user with the database, I redirect the user to home.aspx. Here I want to pass the username also to home.aspx so that the user is met with his / her name in home.aspx. Example: Welcome Smith

I am retrieving the username from the users table in my database while checking login credentials.

Can someone please tell me how to do this in a safe way (maybe not for security, but a little)?

Thanks,

0
source share
4 answers

One good place for this kind of data would be in the session. Try something like this on the first page:

this.Session["UserName"] = userName;

and then subsequent pages in this session for this user can access this.Session["UserName"] .

The best way to do this is to create a static class for managing Session for you like this:

 using System; using System.Web; static class SessionManager { public static String UserName { get { return HttpContext.Current.Session["UserName"].ToString(); } set { HttpContext.Current.Session["UserName"] = value; } } // add other properties as needed }

Your application can then access the session state as follows:

 SessionManager.UserName

This provides maximum flexibility and scalability.

+3
source

If you use standard asp.net authentication, you can access the username through the user property of the page object.

User.Identity.Name

As Andrew suggested, a session is a common place to put a username, although I avoid using a session at all if possible.

You can set a cookie with a username.

You can also set the DestinationPageUrl property of the entry control to include the username in the query string. Although it feels / looks pretty lame.

+1
source

As ScottS said, if you use standard login controls and a membership provider, this information is already available to you in User.Identity.Name.

The only reason I am posting the response is to mark the LoginName control, which you can delete on the page / page master and do it automatically for you:

 <asp:LoginName id="LoginName1" runat="server" FormatString ="Welcome, {0}" />

This will result in "Welcome, Zhaph" when the user logs in, or nothing if they are not.

You can also combine this with LoginView and LoginStatus :

 <asp:LoginView ID="RegisterLink" runat="server"> <AnonymousTemplate> <div class="titleRegistration"> <a href="/Users/Register.aspx">Register</a> or </div> </AnonymousTemplate> <LoggedInTemplate> <div class="titleRegistration"> Welcome back <asp:LoginName ID="LoginName1" runat="server" /> - </div> </LoggedInTemplate> </asp:LoginView> <asp:LoginStatus ID="lsGeneral" runat="server" LogoutPageUrl="/Users/Logout.aspx" />

This combination of controls will do the following:

  • If the user is not registered on the display: register or log in
  • If the user is logged in on the display: Welcome back Zhaph - Logout

Login lines are populated with settings in web.config and generated by the LoginStatus control.

+1
source

yes, as Andrew said, a session is the primary place to store sensitive data.

but why is the username sensitive? You can save it in a cookie and print it in your home.aspx whenever a user logs in.

EDIT: You can use cookies in ASP.NET as follows:

 // Setting cookie : Response.Cookies["UserName"].Value = "Erhan"; Response.Cookies["UserName"].Expires = DateTime.Now.AddDays(7); // Persists 1 week // Getting cookie : string username = string.Empty; if(Request.Cookies["UserName"] != null) { username = Server.HtmlEncode(Request.Cookies["UserName"].Value); }

NOTE. Cookies stored on the client machine. therefore, you should not use them to store sensitive data.

0
source

More articles:


All Articles