protected void btnLogin_Click(object sender, EventArgs e) { //Activate the message if login is failed lblMessage.Visible = true; AppSecurity temp = new AppSecurity(); temp = AppSecurity.login(txtUsername.Text, txtPassword.Text); if (!string.IsNullOrEmpty(txtUsername.Text) & !string.IsNullOrEmpty(txtPassword.Text)) { //set string value to class function that returns string temp = AppSecurity.login(txtUsername.Text.Trim(), txtPassword.Text.Trim()); } else { lblMessage.Text = temp.ErrorLogin.ToString(); return; } if (temp.UserId > 0) { // Use .NET built in security system to set the UserID //within a client-side Cookie FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(temp.UserId.ToString(), false, 480); //For security reasons we may hash the cookies string encrytpedTicket = FormsAuthentication.Encrypt(ticket); HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrytpedTicket); Response.Cookies.Add(cookie); //set the username to a client side cookie for future reference HttpCookie MyCookie = new HttpCookie("UserEmail"); DateTime now = DateTime.Now; MyCookie.Value = temp.UserEmail.ToString(); MyCookie.Expires = now.AddDays(1); Response.Cookies.Add(MyCookie); //set the userrole to a session variable for future reference Session["Role"] = temp.UserRole.ToString(); // Redirect browser back to home page Response.Redirect("~/Default.aspx"); } else { //or else display the failed login message lblMessage.Text = "Login Failed!"; } }