Will you help me to manage user session in a website using C#.net and ASP.Net?

Question

Sorry for bad english :(
===============
Hello you all greate web guru
I am a learner of web developement. I have create two pages one is login page and other is UserHome.aspx. It will open after success full login.

When user enters correct information then following works

if(myDatareader.read()==true)
{
Request.Redirect("UserHome.aspx?ID="+Session.SessionID);
}

I am sendind an session ID to check continues of webpage. And written inf UserHome.aspx

Page_load(ss,ss)
{
If(Request.QueryString["ID"]!="" || Request.QueryString["ID"]==null)
{
Request.Redirect("User.aspx");
}
}

Its working fine. But problem is that its really nothing means security. because when Url copy the UserHom.aspx with any ID value its open.

I want that User login only after that UserHOme.aspx will open otherwise not.

will you suggest me technique that how can I manage User in my web.

Thanks in Advance

Answer 1

Ok this is how you can do it (if you insist on reinventing the wheel)

1) Declare a User class
2) Add properties and methods to the User Class. For example you might add a property named IsAuthenticated to your class.
3) after authenticating an instance of User, you save in it Session

In a secure page, you retrieve your user object from the Session to check if the current user is authenticated. If not, you redirect him to a login page

User user = (User)Session["currentUser"];
if(!user.IsAuthenticated) {
Response.Redirect("Login.aspx", true);
}

In the Login Page, after a user successfully logins in you store a User instance in Session
User user = new User();
// do stuff here to authenticate user
user.IsAuthenticated = true;
Session["currentUser"] = user;

Hope this helps!!

Answer 2

Use the built-in forms authentication provider that comes with ASP.NET. It will work much better than what you have now, which is awful.

http://quickstarts.asp.net/QuickStartv20/aspnet/doc/security/formsauth.aspx