Asp.Net MVC authentication using FormsAuthentication

7

I'm implementing authentication in my ASP.NET MVC application. I am using FormsAuthentication to authenticate each user, and each logged-in user is assigned 5 sessions (Name, CodSetor, FolderPad, Status and CodPerfil). Authentication is working; however, I'm not sure whether this is the best form of authentication, since the application will be made available to N users (it can have more than 1000 logged in simultaneously), or whether it is the safest, also given that I use 5 sessions for each user.

The link I used to implement this form of authentication was: link

If you have a better and safer idea, I'll be very grateful to receive new suggestions.

    
asked by anonymous 03.07.2016 / 15:56

1 answer

3
  

Authentication is working, however I'm not sure if this would be the best form of authentication since the application will be made available to N users (can have more than 1000 logged in simultaneously) and if it is the safest and also because I use 5 sessions for each user?

As you said in the comments, there are more modern architectures for authentication and users, such as ASP.NET Identity. In any case, you are not putting information that is considered "dangerous" in your session, such as passwords and parameters that expose a user, even though you use persistent cookies for each user.

Forms Authentication has an intricate process for saving persistent information. The process itself does not have vulnerabilities, but there is natively a way to protect your system against more sophisticated types of attacks such as XSS. To resolve this, you would have to implement an anti-forgery mechanism.

    
12.07.2016 / 16:44
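An added example, not code from the question or the answer: a login action that combines Forms Authentication with the MVC anti-forgery token the answer mentions. `AccountController`, `LoginModel`, `UserInfo` and `IUserStore` are hypothetical names, the controller assumes a dependency resolver supplies `IUserStore`, and carrying the five non-secret values in the ticket's `UserData` is a choice made for this example.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical types for this example (not from the question).
public class LoginModel { public string Name { get; set; } public string Password { get; set; } }
public class UserInfo { public string Name, CodSetor, FolderPad, Status, CodPerfil; }
public interface IUserStore { UserInfo Validate(string name, string password); } // null when credentials are wrong

public class AccountController : Controller
{
    private readonly IUserStore _users;
    public AccountController(IUserStore users) { _users = users; }

    // The Login view must emit @Html.AntiForgeryToken() inside its <form>.
    [HttpGet, AllowAnonymous]
    public ActionResult Login() { return View(new LoginModel()); }

    // ValidateAntiForgeryToken rejects any POST whose form token does not match the token cookie.
    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public ActionResult Login(LoginModel model, string returnUrl)
    {
        var user = ModelState.IsValid ? _users.Validate(model.Name, model.Password) : null;
        if (user == null)
        {
            ModelState.AddModelError("", "Invalid user name or password.");
            return View(model);
        }

        // Only non-secret values go into the ticket; '|' is assumed not to occur in them.
        var userData = string.Join("|", user.CodSetor, user.FolderPad, user.Status, user.CodPerfil);
        var ticket = new FormsAuthenticationTicket(1, user.Name, DateTime.Now,
            DateTime.Now.AddMinutes(30), false, userData, FormsAuthentication.FormsCookiePath);

        // Encrypt() protects the ticket with the machineKey settings configured for the site.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // not readable from page script
            Secure = FormsAuthentication.RequireSSL,  // follows <forms requireSSL="..."> in web.config
            Path = FormsAuthentication.FormsCookiePath
        };
        Response.Cookies.Add(cookie);

        // Only follow returnUrl when it points back into this application.
        if (Url.IsLocalUrl(returnUrl)) return Redirect(returnUrl);
        return RedirectToAction("Index", "Home");
    }
}
```

On later requests the values can be read back with `((FormsIdentity)User.Identity).Ticket.UserData`.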