Is there any other Method to create Login/Signup form without session in MVC?

Question

I am creating my Login form in my project as same from Session, but now in this project i want to create Login form without using any session. Anyone here to guide me? There is my Work using Session, This is Controller of LogIn:

 public class LoginController : Controller
    {
        IMEI_WEB_MVC.Connections.IMEI_DBEntities imeidb = new Connections.IMEI_DBEntities();
        Functions func = new Functions();
        // GET: Login
        public ActionResult Index()
        {
            return View();
        }
        [HttpGet]
        public ActionResult Autherize(log_variable logvariable_model)
        {
            log_variable lgv = new Models.log_variable();
            string pwd = func.security(logvariable_model.usr_pwd);
            var userDetails = imeidb.new_usr.Where(x => x.usr_nam == logvariable_model.usr_nam && x.usr_pwd == pwd).FirstOrDefault();
            if (userDetails == null)
            {
                logvariable_model.LogErrorMessage = " Invalid Name or Password";
                return View("Index", logvariable_model);
            }
            else
            {
                Session["usr_id"] = userDetails.usr_id;
                Session["com_id"] = logvariable_model.com_id;
                Session["br_id"] = logvariable_model.br_id;
                //lgv.usr_id = userDetails.usr_id;
                //lgv.com_id = logvariable_model.com_id;
                //lgv.br_id = logvariable_model.br_id;

                return RedirectToAction("index", "m_dpt");

This is my Model:

  public class log_variable
    {
        [Required(ErrorMessage = "User Name cannot be blank")]
        [DisplayName("Name")]
        public string usr_nam { get; set; }
        [Required(ErrorMessage = "Password cannot be Blank")]
        [DataType(DataType.Password)]
        [DisplayName("Password")]
        public string usr_pwd { get; set; }
        public int usr_id { get; set; }

        [Required(ErrorMessage = "Company ID cannot be blank")]
        [MaxLength(2)]
        [DisplayName("Company_ID")]
        public string com_id { get; set; }
        [Required(ErrorMessage ="Branch ID cannot be blank")]
        [MaxLength(3)]
        [DisplayName("BRANCH_ID")]
        public string br_id { get; set; }
        public string LogErrorMessage { get; set; }
    }

When you look into best practices and design principles, they always say 'Don't reinvent the wheel'. This is what I am suggesting, use the existing ASP.NET Identity model instead of writing your own authentication/authorization logic. — Thangadurai, Mar 29 '19 at 06:37
There is many methodologies for to do this. Identity is an option. Many 3rd party exist like Okta. You can search for Oauth , Owin , Token Based Authentication etc. — Batuhan, Mar 29 '19 at 07:07
We optimise our queries and query the database per request with minimal caching of data. Pretty sure that's how Microsoft does it too. — Adrian, Mar 29 '19 at 08:52

score 0 · Answer 1 · answered Mar 29 '19 at 08:14

AFAIK, to control this kind of user's access, you have basically only two options:

You can manage when they logging in and when they are logging out (sessions), OR
You can give them a ticket and they have to pass it to your application (Security token, like JWT). (If anybody knows anotehr method to do it, please, tell me)

Ask your boss if it's about storing data in a in-memory session, or to avoid cookis, bc there are ways to do that with sessions. Take a look at this (sessions in db) and this (cookieless sessions)

If you find any other way, please, tell us.

Good luck.

Is there any other Method to create Login/Signup form without session in MVC?

1 Answers1