What .NET objects should I use to create a cookie based session in MVC?
Posted
by
makerofthings7
on Programmers
See other posts from Programmers
or by makerofthings7
Published on 2013-01-29T15:29:28Z
Indexed on
2013/11/01
22:11 UTC
Read the original article
Hit count: 287
I'm writing a custom password reset application that uses a validation technique that doesn't fit cleanly with ASP.NET Membership Provider's challenge questions.
Namely I need to invoke a workflow and collect information from the end user (backup phone number, email address) after the user logs in using a custom form.
The only way I know to create a cookie-based session (without too much "innovation" on my part) is to use WIF.
- What other standard objects can I use with ASP.NET MVC to create an authenticated session that works with non-windows user stores?
Ideally I can store "role" or claim information in the session object such as "admin", "departmentXadmin", "normalUser", or "restrictedUser"
The workflow would look like this:
- User logs in with username and password
- If the username and pw are correct a (stateless) cookie based session is created
- The user gets redirected to a HTML form that allows them to enter their backup phone number (for SMS dual factor), or validate it if already set.
- The user can then change their password using the form provided
The "forgot password" would look like this
- User requests OTP code to be sent to the phone
- User logs in using username and OTP
- If the OTP is valid and not expired then create a cookie based session and redirect to a form that allows password reset
- Show password reset form, and process results.
© Programmers or respective owner