Welcome!

[Jova]

Anyone here using C# and ASP.NET?

I could use a little help on making a secure user register and login to a website.

How would I go about doing this the best way? I could make a simple save to database of the username and password, and then check against that but that's not very secure or protected.

[Andy]

1. Encrypt the password using SHA-1 before placing it in the database. Whenever checking a login, sha1 encrypt the submitted password and compare with the one in the database.
2. Use prepared statements whenever dealing with external data in your SQL queries.
3. Use a session to refer to the user account.

[mike360]

The .NET framework has a collection of classes for user registration, login and session management. Check out this article on Membership, MembershipUser, Roles and Profiles (linked below). There's also (if I recall correctly) a Registration Wizard control that you can use. The whole package covers a lot more than what you need from the sounds of it but it's worth while to look at.

http://www.4guysfromrolla.com/articles/120705-1.aspx

Also, refer to the System.Web.Security namespace on MSDN which contains all the documentation for the classes you need.

http://msdn.microsoft.com/en-us/library ... urity.aspx

It has been over a year since I've written any Asp.NET stuff and even longer since using these classes but I do recall them being pretty helpful.

[Jova]

Thanks.

I've already done the tutorial over at www.asp.net which goes through the same things but I'll look into these links as well.