Serge P.

Reputation: 327

Store session token on ASP.NET server

I'm new to the web. Now I'm trying to develop custom user authentication using cookies. When a user logs in, I supply the server response with a cookie which contains the userId and a randomly generated session token GUID. When the user then sends requests to the server, it extracts the authentication cookie from the request, so the server gets back information about the userId and the user session.

My question is: where should I store and check the session token which comes along with users' requests? What if a malefactor falsifies the cookie with a fake userId and session token?

Now there is no place in my program where I store and then check mappings between userId and their session tokens.

Upvotes: 0

Views: 2043

Answers (1)

Andrei

Reputation: 44600

To enforce security of your ASP.NET MVC application you can use Anti Forgery Tokens.

I recommend that you not implement your "custom" user authentication but look at ASP.NET Identity instead. It is very flexible and covers most of the necessary authentication scenarios.

Upvotes: 1
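A sketch of the server-side mapping the question asks about, added here as an example and not code from either poster: the server keeps its own record of which token belongs to which userId, so a cookie carrying a made-up userId and token fails the lookup. `SessionStore` and its members are hypothetical names; it assumes .NET 6 or later, an in-memory store, and a CSPRNG-generated token in place of the GUID the question mentions.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical in-memory store (assumption); a multi-server deployment
// would back this with a database or a distributed cache.
public sealed class SessionStore
{
    private sealed record Entry(string UserId, DateTimeOffset ExpiresAt);

    private readonly ConcurrentDictionary<string, Entry> _sessions = new();
    private readonly TimeSpan _lifetime;

    public SessionStore(TimeSpan lifetime) => _lifetime = lifetime;

    // Called at login: returns the token to place in the cookie next to userId.
    public string Create(string userId)
    {
        // 256 bits from the OS CSPRNG, hex-encoded so it is cookie-safe.
        string token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        _sessions[Hash(token)] = new Entry(userId, DateTimeOffset.UtcNow + _lifetime);
        return token;
    }

    // Called on every request with the userId and token read from the cookie.
    public bool Validate(string userId, string token)
    {
        if (string.IsNullOrEmpty(userId) || string.IsNullOrEmpty(token)) return false;
        string key = Hash(token);
        if (!_sessions.TryGetValue(key, out var entry)) return false; // unknown or forged token
        if (entry.ExpiresAt <= DateTimeOffset.UtcNow)
        {
            _sessions.TryRemove(key, out _);                          // expired session
            return false;
        }
        // The token must belong to the userId the cookie claims.
        return CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(entry.UserId), Encoding.UTF8.GetBytes(userId));
    }

    // Called at logout so the token stops working immediately.
    public void Revoke(string token) => _sessions.TryRemove(Hash(token), out _);

    // Only the hash is stored, so a leaked store does not expose usable tokens.
    private static string Hash(string token) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(token)));
}
```

A single instance would be shared across requests (for example registered as a singleton), with `Validate` called before any action that relies on the userId from the cookie.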
