What major steps we should follow, while developing the new website in asp.net [about Session concept]

Question

What major steps we should follow, while developing the new website in asp.net [about Session concept]

Ashok Kumar 221

I'm new to this concept and I'm developing the new website in my organization but I'm very sure I don't have that much of experience to me for maintaining the sessions and some extra required things so, to achieve this session concept I have
written like below.

I have read some concepts about sessions

ex:-

In masterpage pageload event I written this code :-

   if (Session["Admin"] != null)  
   {  
   Response.ClearHeaders();  
               Response.AddHeader("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");  
               Response.AddHeader("Pragma", "no-cache");  
   }

And in same masterpage on logout button event I written this code

   if (Session["Admin"] != null)  
           {  
               FormsAuthentication.SignOut();  
               Session["Admin"] = null;  
               Session.Abandon();  
               Session.RemoveAll();  
               Session.Clear();  
           }  
           Response.Redirect("~/Admin/Login.aspx");

But I'm not sure this code is correct or not
can any one suggest me
how to create a website ?
what kind of precautions we should take before creating a website ?

Please advise.

Thanks

2 answers

Your answer

Answer 1

AgaveJoe 30,121

how to create a website ?

Unclear. Are you receiving an error creating a website with Visual Studio?

what kind of precautions we should take before creating a website ?

Use Forms Authentication for authorization not Session. Forms Authentication is a library that comes with ASP.NET, configured in the web.config, works with Web Forms authentication/authorization server controls, and works with standard ASP.NET authorization.

An Overview of Forms Authentication (C#)
Implement forms-based authentication in an ASP.NET application by using C#.NET

Session is typically the wrong tool for authorization/authentication. Session does not scale well and Session is volatile by definition. You'll need to write and test an entire authentication/authorization process while ASP.NET comes with Forms Authentication out-of-the-box.

Lastly, consider creating new development in the latest .NET 7 framework rather than .NET framework which ended with version 4.8.

Tutorial: Get started with Razor Pages in ASP.NET Core

Ashok Kumar 221 Reputation points

2022-11-24T08:16:32.883+00:00

Hi @AgaveJoe thanks for your answer

For this question

how to create a website ?

My exact question is **What kind of authentications check Ex:(FormsAuthentication.SignOut();) and session properties , method should take while login and logout the user ?** in .cs file logic.

And should I write any logic in web.config file ?

For session expiry , authentication , authorization something like this ?

Please suggest the answer for this question .

Thanks in advance.
AgaveJoe 30,121 Reputation points

2022-11-24T12:57:00.357+00:00

My exact question is What kind of authentications check Ex:(FormsAuthentication.SignOut();) and session properties , method should take while login and logout the user ? in .cs file logic.

Cleary you did not read any of the links in my last post. It does not make sense to copy and post the same in formation in this forum.

For session expiry , authentication , authorization something like this ?

It makes no logical sense to use Session for authorization if you are already using Forms Authentication.

Answer 2

Lan Huang-MSFT 30,186 Microsoft External Staff

Hi @Ashok Kumar ,

But I'm not sure this code is correct or not

Have you run it to see if it works?
ASP.NET session state enables you to store and retrieve values for users as they browse ASP.NET pages in your Web application.
For details on how to use it, please refer to the tutorial.
ASP.NET Session State Overview

how to create a website ?

You can create ASP.NET Web Site projects directly in Visual Studio.

what kind of precautions we should take before creating a website ?

I think you can design clean and clear layouts; use effective typography to enhance readability; make navigation easier; reduce site load time with proper design: such as using CSS, avoiding nested tables, removing redundant whitespace, keeping code Cleaning, splitting long pages into multiple shorter pages, reducing the number of plugins, reducing scr ipts, and removing unnecessary content images.
Best regards,
Lan Huang

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Ashok Kumar 221 Reputation points

2022-11-24T08:19:03.313+00:00

Hi @Lan Huang-MSFT thanks for your answer.

For this question

Have you run it to see if it works?

Yes, my code is working fine but My doubt is should I use any authentication , authorization and this kind of Response.ClearHeaders(); methods in my logics for website security purpose or should I use only session concept ?

Give me your best suggestion

Thanks in advance.
Lan Huang-MSFT 30,186 Reputation points Microsoft External Staff

2022-11-24T09:42:04.73+00:00

Hi @Ashok Kumar ,
You can study the documentation I provided.
ASP.NET Session State Overview
https://learn.microsoft.com/en-us/troubleshoot/developer/webapps/aspnet/development/forms-based-authentication

ASP.NET session state simply enables you to store and retrieve values for users as they browse ASP.NET pages in your Web application.
I noticed that you used FormsAuthentication.SignOut() in your code; it means that you have already used form authentication, and I think you don't need to add additional authentication.
Best regards,
Lan Huang

Share via

What major steps we should follow, while developing the new website in asp.net [about Session concept]

2 answers

Your answer