Q1. Forms authentication: user deletion. Security system
I'm using forms authentication with my custom membership and roles providers. Everything is fine except user deletion: if I delete a user from the database, he stays happily logged in as long as he has a cookie. So, as I can see, forms authentication doesn't need anything except a cookie; it doesn't even care whether the user exists or not.
So my questions are:
- How can I make forms authentication at least check whether the user exists or not before letting him in?
- How secure is forms authentication?
Answer:
How can I make forms authentication at least check whether the user exists or not before letting him in?
You could write a custom Authorize attribute and in the AuthorizeCore method, once you have called the base method, check if the user exists in the database before letting him in by returning true. Notice however that this check in the database will occur on each request.
How secure is forms authentication?
Forms authentication has existed since the early days of ASP.NET and it is a proven and secure method if used properly.
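An added example, not code from the original answer: a custom Authorize attribute for ASP.NET MVC in the shape the answer describes, with a short cache so the database is not queried on every request. The class name, cache key, 30-second window and the extra IsApproved/IsLockedOut checks (which go beyond plain existence) are assumptions, and it assumes the custom membership provider is the configured default so that Membership.GetUser reaches it.

```csharp
using System;
using System.Web;
using System.Web.Caching;
using System.Web.Mvc;
using System.Web.Security;

// Added example: rejects a valid forms-auth cookie when the account behind it is gone.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class ExistingUserAuthorizeAttribute : AuthorizeAttribute
{
    // Assumption: a 30-second gap between deletion and lockout is acceptable.
    private static readonly TimeSpan CacheWindow = TimeSpan.FromSeconds(30);

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // The base method validates the ticket plus any Users/Roles restrictions.
        if (!base.AuthorizeCore(httpContext))
            return false;

        string userName = httpContext.User.Identity.Name;
        string cacheKey = "user-exists:" + userName; // hypothetical key format

        bool exists;
        object cached = httpContext.Cache[cacheKey];
        if (cached is bool)
        {
            exists = (bool)cached;
        }
        else
        {
            // userIsOnline: false, so the lookup does not update the last-activity date.
            MembershipUser user = Membership.GetUser(userName, false);
            exists = user != null && user.IsApproved && !user.IsLockedOut;
            httpContext.Cache.Insert(cacheKey, exists, null,
                DateTime.UtcNow.Add(CacheWindow), Cache.NoSlidingExpiration);
        }

        if (!exists)
        {
            // Expire the stale cookie; returning false sends the browser to the login page.
            FormsAuthentication.SignOut();
        }
        return exists;
    }
}
```

Apply it in place of `[Authorize]` on controllers or actions; code that deletes a user can also remove the matching cache entry so the lockout takes effect immediately on that server.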
Q2. Device tagging in a web application
I'm developing a web application that is really critical. So authentication has to be really clever; at the same time I don't want the user to go through a process each time he wants to log in. My idea is that the first time he has to go through a little process to identify himself, and afterwards he can log in from the same device without much checking.
I know a cookie is one approach, but that is not so secure, because if anyone copies your cookie he can do a lot of harm!
What are the best ways of device tagging? Any suggestions?
Answer:
If you've taken the appropriate measures to prevent cookies from being stolen, then there's not much else you can do to strengthen the system.
Your question seems a bit confused. I assume you are referring to client device fingerprinting; this might not be an appropriate solution, as it really depends on what the threat model is. See this post for some hints on how to implement device fingerprinting.