Pages

Advertisement

Friday, September 21, 2007

ASP.NET Tip: Persistent Logins Under ASP.NET 2.0

 

However, ASP.NET 2.0 has changed how the forms authentication tickets work. Simply using the same method with a True argument won't actually persist the cookie. If you want to have a significantly longer timeout for your forms authentication ticket, the code in this tip performs the same steps as the built-in FormsAuthentication methods but gives you more control over the specifics of how it works.

For starters, you'll need to add a block to your Web.config to enable FormsAuthentication:

<authentication mode="Forms">
<forms name="MyApplication" loginUrl="/login.aspx" />
</authentication>

If you want to switch into SSL mode for the login, you can specify the full URL, including the "https://" prefix in the loginUrl parameter. Also add an authorization section to lock down your entire site or virtual directory:

<authorization>
<deny users="?"/>
</authorization>

The code in your login form, after you've done your own validation to see if the user can log into your application, looks like this:

FormsAuthenticationTicket t =
new FormsAuthenticationTicket(1, userID,
DateTime.Now, DateTime.Now.AddMonths(3),
chkSave.Checked, userID.ToString(),
FormsAuthentication.FormsCookiePath);

string encTicket = FormsAuthentication.Encrypt(t);

HttpCookie c = new HttpCookie(FormsAuthentication.FormsCookieName,
encTicket);

if (chkSave.Checked)
c.Expires = DateTime.Now.AddMonths(3);

Response.Cookies.Add(c);

In this example, the userID variable is the value that will be available if you look at User.Identity.Name after the user has logged in. On my page, chkSave is a check box that lets the user indicate whether or not to save the password. That true/false value is passed into the FormsAuthenticationTicket constructor to mark the ticket as persistent or not. After you get the ticket back, encrypt it and then put it into the designated cookie.

If the user has chosen to save the cookie, the cookie needs to be assigned an expiration date. In this case, I'm using three months as the expiration timeframe.

BACKLINK


Technorati Tags: , , , , ,

3 comments:

Tarun Gupta said...

I read your blog and thought I could tell you about something else which would be useful for seeing maps and directions in India.

I am writing to tell you about MapmyIndia.com, a free interactive maps and directions portal for all India. See the map of connaught place, new delhi, get directions in mumbai from nariman point to juhu airport, and find nearby ATMs in kormangala, bangalore.

As a company and individual enthusiasts, we dream only of solving the problem of reliable directions and navigation for India. For your blog specifically, you can map enable it by using our youtube-style embeddable maps, and links to specific searches (of maps, directions, local and eLocation) on MapmyIndia.

Do give us feedback, suggestions, or get involved yourself by mailing me back at tarun@mapmyindia.com or marketing@mapmyindia.com.

And if you find the different services useful, we would be grateful to you for writing and telling your readers about us.

Warm Regards,
Tarun Gupta
The MapmyIndia Team
For directions in India, just search print and go with MapmyIndia.com

Sharma said...

Hi , Tarun Gupta
It a really nice site .


Incredible
Keep it up !

r4 ds said...

mapmyindia......cool work dude. I am impressed. Never seen it nethin like this before.