Security

Re: Login Control. Remember Me Not working

n_m — Thu, 09 Oct 2008 22:59:28 GMT

Thanks everyone. I just wanted to followup. After some more research, i found the solution. I noticed that the cookie's were being created, but for some reason the login page would just not redirect. Then i found the following example on some forum, i added to the page_load and now the rememberme checkbox works.

If User.Identity.IsAuthenticated = True Then
            Response.Redirect(Login1.DestinationPageUrl)
        End If

Re: Login Control. Remember Me Not working

yasserzaid — Sun, 28 Sep 2008 23:33:53 GMT

try the below code

Use this code:

protected void Page_Load(object sender, EventArgs e)
{
if (!Page.IsPostBack)
{
CheckBox cek = (CheckBox)Login1.FindControl("RememberMe");
if (Request.Cookies["username"] == null Request.Cookies["username"].Value.ToString().Trim() == "")
{
cek.Checked = false;
}
else
{

Login1.UserName = Request.Cookies["username"].Value.ToString();
}
}
}

protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
{
CheckBox cek = (CheckBox)Login1.FindControl("RememberMe");
if (cek.Checked == true)
{
HttpCookie cookie = new HttpCookie("username");
cookie.Value = Login1.UserName;

cookie.Expires = DateTime.Now.AddDays(1);//cookie Expires
HttpContext.Current.Response.AppendCookie(cookie);
}
else {
HttpContext.Current.Response.Cookies.Remove("username");
}
cek.Checked = false;
}

//--- another way

protected void Page_Load(object sender, EventArgs e)

{

if (Request.Cookies["MyCookie"] != null)

{

TextBox pass = (TextBox)Login1.FindControl("Password"); pass.Attributes.Add("value", Request.Cookies["MyCookie"]["password"]); Login1.UserName = Request.Cookies["MyCookie"]["username"];

}

protected void Login1_LoggedIn(object sender, EventArgs e)

{

HttpCookie cookie1 = new HttpCookie("MyCookie");

cookie1.Values.Add("username", Login1.UserName);

cookie1.Values.Add("password", Login1.Password);

cookie1.Expires = DateTime.Now.AddDays(1);//cookie Expires HttpContext.Current.Response.AppendCookie(cookie1);

}

Good Luck

Re: Login Control. Remember Me Not working

anas — Sat, 27 Sep 2008 02:50:59 GMT

n_m:
Another question. If the user closes the browser is the login cookie still be preserved? I would like to have it so users can still close the browser and still be able to be auto logged in within a certain amount of time.

To allow asp.net remember your users , you need to make sure that the authentication cookie will be persisted , this can be done by setting the following Login control properties :

<asp:Login ID="Login1" runat="server" RememberMeSet="true" DisplayRememberMe="false">
</asp:Login>

Re: Login Control. Remember Me Not working

hans_v — Fri, 26 Sep 2008 23:58:01 GMT

n_m:

I was under the impression that this would work automatically.

Well, it does. You'll need to set the correct properties in web.config.

Generate a machine key using this online tool and place it in your web.config (if you don't, users are logged out when the application recycles). And then set the properties as below:

Proctection should be All, timeout is the number of minutes the cookie expires, name is the name of the cookie. Be carefull, since there's a Potential Security Hole when using a persistent security cookie!

Re: Login Control. Remember Me Not working

n_m — Fri, 26 Sep 2008 18:57:18 GMT

Thanks.Ill try this.

Another question. If the user closes the browser is the login cookie still be preserved? I would like to have it so users can still close the browser and still be able to be auto logged in within a certain amount of time.

Thanks

Re: Login Control. Remember Me Not working

yrajasekhar — Fri, 26 Sep 2008 07:38:26 GMT

Hi you have to store a persistent cookie on user machine if remember me is checked see the following code (if part is when remember me is checked)

 if (cbRememberMe.Checked)
                {
                    int cookietimeout = 360;
                    FormsAuthenticationTicket authTicket = new
                        FormsAuthenticationTicket(txtUserName.Text, true, cookietimeout);
                    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
                    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
                    cookie.Expires = authTicket.Expiration;
                    HttpContext.Current.Response.Cookies.Set(cookie);
                }
                else
                {
                    FormsAuthentication.SetAuthCookie(txtUserName.Text, false);
                }

Login Control. Remember Me Not working

n_m — Thu, 25 Sep 2008 22:26:48 GMT

Hi,

I created a login page using the login control. I am also using a cusomter membershipprovider, with a new validateuser function that i wrote. However the rememberme checkbox does not seem to work. Do i need to write code to handle if the rememberme checkbox was checked and redirect to the destinationpageurl? I was under the impression that this would work automatically. Any help would be appreciated. Thanks!