Best Practice for Checking if user is logged into application

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Does anyone have suggestions on the best way to check if a user is logged
into asp.net web application?

We are not using forms authentication. We are authenticating our users
against active directory. I some people use the database to determine if a
user is logged in between web pages and check in the web forms.
 
When you say 'against active directory' .... is that Windows Authentication?

You can use the User.Identity class to obtain certain information about the
currently logged in user:

User.Identity.IsAuthenticated = [True|False]
User.Identity.Name = [<username>]
User.Identity.AuthenticationType = [Forms|Windows...]

You can setup forms authentication to authenticate against Active Directory,
which is my preferred method, because you can have a much more integrated and
themed login page (as opposed to Windows/Integrated authentication) and still
get AD-based credential authentication. Check out this link:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT02.asp

I've got a working version in VB.NET to post if you're not working in C#.

Andrew A. Willett
Tech Xero
 
Back
Top