How to get the asp.net login control to auto authenticate a previously authenticated user?
https://stackoverflow.com/questions/165331
-
03-07-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am trying to to set up the login control to remember the login credentials of a user who has previously entered their user name and password successfully. I set the remember me property to true, but it doesnt seem to triger any events where I could read the cookie and auto login the user.
Is there a straightforward mechanism to accomplish this?
Solution
You need to Google for Forms Authentication in ASP.NET 2.0
You will need to set up your application (via web.config) and may also need to alter IIS settings. While it's all quite straightforward, there are heaps of settings that can be used, so best is to read some of the articles. ScottGu has a blog entry that goes into a lot of good detail.
There are also many good video's at www.asp.net including these Security Tutorials
try How to: Create an ASP.NET Login Page and Walkthrough: Creating a Web Site with Membership and User Login. If I recall, you still have to do the authentication yourself unless you use the Sql Server Membership provider. In that case you still have to set up the database and web.config.
Essentially, once you've set up configuration properly, you have a login page. In that login page you tell Forms Authentication to create the authentication ticket for you once you authenticate them:
if (VerifyUser(name, password) ) // this is not a framework method
FormsAuthentication.RedirectFromLoginPage(
userName, false); // no persistent cookie
If you want to read the authentication ticket data (from anywhere else).
// output just writes to a StringBuilder 'sb'
output(sb, "Identity.AuthenticationType", Page.User.Identity.AuthenticationType);
FormsIdentity fi = Page.User.Identity as FormsIdentity;
if (fi == null)
{
output(sb, "Identity Type", Page.User.Identity.ToString());
return;
}
output(sb, "FormsIdentity.Ticket.IssueDate", fi.Ticket.IssueDate);
output(sb, "FormsIdentity.Ticket.Expiration", fi.Ticket.Expiration);
output(sb, "FormsIdentity.Ticket.Name", fi.Ticket.Name);
output(sb, "FormsIdentity.Ticket.CookiePath", fi.Ticket.CookiePath);
output(sb, "FormsIdentity.Ticket.UserData", fi.Ticket.UserData);
output(sb, "FormsIdentity.Ticket.Version", fi.Ticket.Version);
output(sb, "FormsIdentity.Ticket.IsPersistent", fi.Ticket.IsPersistent);
The point is, once authenticated, asp.net will only redirect the user to the login page if the authentication ticket has expired and the user is on a protected page. Asp.net doesn't keep asking you to authenticate the user unnecessarily.
