User Authenication without usernames and passwords

StackOverflow https://stackoverflow.com/questions/19791884

Question

I am currently writing an ASP.Net MVC Web Application that will use three items of information to authenticate a customer and allow them to login to a secure area to view their booking details. The three items are:

  1. the customer's booking reference number,
  2. the customer's surname and
  3. the customer's booking date.

I am currently using session to track the login of the user. I would prefer to use Forms Authentication as it is tried-and-tested and more secure.

Is it possible to use Forms Authentication with this kind of login? The MembershipProvider class's ValidateUser() method takes in as parameters username and password. I guess I would need to write my own Provider to accomplish this.

Was it helpful?

Solution

You don't need to use Membership for Forms Authentication. You just need the enable Forms Authentication Module in the web.config file, set up your login page with whatever credentials you want and use FormsAuthentication class to set the cookie.

Here is a sample, it does use the password, but you can set the authentication logic to whatever you want - check DB with the three parameters you need, etc. Then use FormsAuthentication.RedirectFromLoginPage to set the cookie and send the user to the requested page. You do need a unique ID to identify a customer, cause that's what the module will use on subsequent calls to set the identity.

Simple Forms Authentication

Here is an MVC sample, it uses the FormsAuthentication.SetCookie method to do the same

MVC Sample

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top