Question : .aspx login/authentication system

Hi Guys,

I'm trying to build a simple login/auth system.
I have a windows app written in C#

I want to achieve the following.

1. User enters uName/pWord into the login form.
2. On a successul login, system returns a sessionID number that can be used for subsequent calls.
3. If a user logins again (either by opening up another instance of the software on the desktop, OR from another location), then a new sessionID will be returned, rendering the first one invalid, and obvisously the first application will no longer be able to retrieve data because of its invalid ID.

I'm thinking of the login button sending the login details via httprequest to a .aspx which will perform the authentication. www.mydomain.com?Method=myAuth&Username=user&Password=password scenario

I have a mssql backend. Will the session id be stored in the database? relative to that user profile, or is it stored in a local cookie? This is where i need some guidance.

Also,

what is the best way to generate this sessionID. does mssql have abilities for this?
or is the sessionID usually cookie based?

So pretty much, ideas on how to build from scratch.

Any help appreciated.

Cheers,
Marek

Answer : .aspx login/authentication system

for this you can use the same user table to store the session id which will be a guid. When the user logs in generate a new key and store in database and that key will be used to authenticate the requests on each call. when user logs off you can again set the key to null.
Random Solutions  
 
programming4us programming4us