I'm working on a Web project using ASP.NET MVC, which I'll have to deploy to a farm environment.
I've read a lot of articles and I'm thinking of completely disabling SessionState. I think this would make a more robust application and will save me a couple of headaches (everything I've read tells me that handling sessions on a farm isn't trivial).
There are some things that I'm still not totally clear on with this approach, though, the main one being the authentication/authorization process. Basically, I'm not sure how (if?) I can handle user sessions if there's no SessionState enabled on the server. If a user logs into the web site and then tries to access another page, how can I know that the user is already logged in? I know using cookies is insecure. I thought of a mix of cookies with the session ID stored in the DB, but I suppose that if I disable SessionState I won't have access to the session ID either.
What's the best approach on this? Is there any recommended book/article you can point me to so I can get this clear?
Thanks a lot for your help
I think you should use Forms Authentication for this. It will manage your logged-in user name, and you can also set authorization through it.
http://msdn.microsoft.com/en-us/library/ff647070.aspx
http://msdn.microsoft.com/en-us/library/xdt4thhy.aspx
http://www.codeproject.com/KB/web-security/formsroleauth.aspx
http://www.beansoftware.com/ASP.NET-Tutorials/Forms-Authentication-Active-Directory.aspx
These links answer each of your questions. Through this you can manage role authorization and session.
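The following is an added example, not code from the question, the answer or the linked articles. It shows how Forms Authentication keeps a user logged in with SessionState off: the identity and roles travel in an encrypted, signed ticket cookie that any farm node can validate. It assumes every node is configured with the same `<machineKey>` values; `IUserStore` and the `Home`/`Index` route are hypothetical names.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical credential store (assumption); back it with your own user database.
public interface IUserStore { bool TryValidate(string userName, string password, out string[] roles); }

public class AccountController : Controller
{
    private readonly IUserStore _users;   // supplied by your DI container (assumption)
    public AccountController(IUserStore users) { _users = users; }

    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Login(string userName, string password, string returnUrl)
    {
        string[] roles;
        if (!_users.TryValidate(userName, password, out roles))
        {
            ModelState.AddModelError("", "Invalid user name or password.");
            return View();
        }
        // The ticket itself carries the identity and roles; nothing is stored server-side.
        var ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.Add(FormsAuthentication.Timeout),
            false, string.Join(",", roles), FormsAuthentication.FormsCookiePath);
        // With the default protection="All", Encrypt() encrypts and signs using <machineKey>.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // not readable from script
            Secure = FormsAuthentication.RequireSSL,  // set requireSSL="true" in <forms>
            Path = FormsAuthentication.FormsCookiePath
        };
        Response.Cookies.Add(cookie);
        // Follow only local return URLs so the login page cannot be used as an open redirect.
        return Url.IsLocalUrl(returnUrl) ? (ActionResult)Redirect(returnUrl)
                                         : RedirectToAction("Index", "Home");
    }
}

public class MvcApplication : HttpApplication
{
    // Runs on every request, on whichever node receives it, after the cookie was validated.
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        var identity = Context.User == null ? null : Context.User.Identity as FormsIdentity;
        if (identity == null) return;   // anonymous, or the ticket failed validation
        var roles = identity.Ticket.UserData.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        Context.User = new GenericPrincipal(identity, roles);   // enables [Authorize(Roles = "...")]
    }
}
```

Controllers can then use `[Authorize]` and `User.Identity.Name` without any session lookup.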