ASP.NET MVC authentication using FormsAuthentication


Viewed 1,103 times

7

I am implementing authentication in my ASP.NET MVC application. I am using FormsAuthentication to authenticate each user, and for each logged-in user 5 Sessions are assigned (Name, Codsetor, Pastapadrao, Status and Codperfil). The authentication is working; however, I am not very sure whether this is the best form of authentication, given that the application will be available to N users (there can be more than 1000 logged in simultaneously), and whether it is the safest, also given that it uses 5 sessions for each user.

The link I used to implement this form of authentication was: http://www.devmedia.com.br/asp-net-mvc-autenticacao-basica/20255

If you have any better and safer ideas, I would be most grateful to receive new suggestions.

  • Guys, after searching other sources I saw that ASP.NET MVC provides an efficient and secure form of authentication known as IDENTITY. Now I’m struggling to add this tool in a project separate from the main project.

1 answer

3


The authentication is working; however, I am not very sure whether this is the best form of authentication, given that the application will be available to N users (there can be more than 1000 logged in simultaneously), and whether it is the safest, also given that it uses 5 sessions for each user.

As you said yourself in a comment, there are more modern architectures for authentication and users, such as ASP.NET Identity. In any case, you are not putting "dangerous" information in your session, such as passwords and parameters that could expose a user, even if you use persistent cookies for each user.

Forms Authentication has an intricate process for storing persistent information. The process itself does not present vulnerabilities, but there is no native way to protect your system against more sophisticated types of attacks, such as XSS. To solve this, you would also have to implement an anti-forgery mechanism.
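
The setup discussed in this thread, sketched as an added example that is not code from the question, the answer or the linked tutorial: a FormsAuthentication login that fills the five session values and uses ASP.NET MVC's built-in anti-forgery token, which guards state-changing POSTs against cross-site request forgery. `LoginModel`, `UserProfile`, `IUserStore` and the `Home`/`Index` route are assumptions made for the example.

```csharp
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical types for this example; none of them come from the original post.
public class LoginModel { public string UserName { get; set; } public string Password { get; set; } }
public class UserProfile { public string Name, Codsetor, Pastapadrao, Status, Codperfil; }
public interface IUserStore
{
    UserProfile Validate(string userName, string password); // returns null on bad credentials
}

public class AccountController : Controller
{
    private readonly IUserStore _users; // assumed to be supplied by a dependency resolver
    public AccountController(IUserStore users) { _users = users; }

    [AllowAnonymous]
    public ActionResult Login() { return View(); } // the view's form must emit @Html.AntiForgeryToken()

    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken] // rejects posts without a matching token
    public ActionResult Login(LoginModel model, string returnUrl)
    {
        UserProfile user = ModelState.IsValid ? _users.Validate(model.UserName, model.Password) : null;
        if (user == null)
        {
            ModelState.AddModelError("", "Invalid user name or password.");
            return View(model);
        }
        FormsAuthentication.SetAuthCookie(model.UserName, false); // non-persistent auth cookie
        // Only non-secret profile values go into the session; never the password.
        Session["Name"] = user.Name;
        Session["Codsetor"] = user.Codsetor;
        Session["Pastapadrao"] = user.Pastapadrao;
        Session["Status"] = user.Status;
        Session["Codperfil"] = user.Codperfil;
        // Redirect only to local URLs so returnUrl cannot send the user off-site.
        return Url.IsLocalUrl(returnUrl) ? (ActionResult)Redirect(returnUrl) : RedirectToAction("Index", "Home");
    }

    [HttpPost, Authorize, ValidateAntiForgeryToken] // logout changes state, so POST plus token
    public ActionResult Logout()
    {
        FormsAuthentication.SignOut();
        Session.Abandon(); // drop the five per-user session values
        return RedirectToAction("Login");
    }
}
```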
