I am starting to learn ASP.NET MVC. Now I am trying to create an application that supports personal accounts without class Membership, class FormsAuthentication etc. I was surfing the programming forums to solve the problem below for nearly 4 hours, now I'm exhausted...
If the user doesn't check the "Remember" box in the login form, my app saves username to the current session:
HttpContext.Session.Set("authentication", Encoding.Unicode.GetBytes(username));
And when the user tries to open the personal account page, my app tries to get the saved value from session:
if (!HttpContext.Session.TryGetValue("authentication", out username)) {
return RedirectToAction("Login", "Account");
}
It displays the value using function Controller.Content. But when I enter username "SNBS" and click "Login", it displays the following nonsense:
The personal account interface will be here. Your username: UwBOAEIAUwA=
Note: the rest of login/logout functionality works properly: when I try to open personal account page without authenticating, it redirects me to login page, etc.
I suppose the problem is caused by encodings, as HttpContext.Session.Set receives a byte array in parameter value. I tried changing Encoding.Unicode.GetBytes to Encoding.UTF8.GetBytes and to other encodings, but it just changed the nonsense displayed. I also tried using System.Convert — it gave the same result. Now I don't know what to try, as session usage includes not more than five lines of code and there is simply nothing that could work improperly...
