Persistent authentication cookie and autologin

Custom made autologin with persistent authentication cookie


ASP.NET comes with a built-in login form for both WebForms and MVC, but sometimes you have to implement login in a custom manner, where a permanent authentication cookie needs to be set from your code following your business logic.

The first thing you have to do is set the expiration time for the authentication cookie in web.config. This is done first to make sure that your cookie does not expire during your testing.

    <authentication mode="Forms">
        <forms timeout="50000000" slidingExpiration="true"/>
    </authentication>

Note

The timeout attribute represents the lifetime of the cookie in minutes.

Once this is set, you can proceed with the authentication implementation. You can build your custom MembershipProvider or some custom method that will check whether the credentials entered in the UI are valid. After validation has passed, you need to set the authentication cookie as in the following code snippet, where the "username" string is the username that you authenticated previously and the second parameter of SetAuthCookie is a flag that says this cookie is persistent and will not expire after you close the browser.

    FormsAuthentication.SetAuthCookie("username", true);

You can check whether the cookie is set with the Web Developer extension for Firefox.

Authcookie
    

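    // Required namespaces (the method itself belongs inside one of your classes):
    using System;
    using System.Linq;
    using System.Web;
    using System.Web.Security;

    // Rebuilds the session entry from the persistent authentication cookie.
    // Returns true only when the visitor was logged in automatically by this call.
    public static bool AutoAuthenticate()
    {
        var webContext = HttpContext.Current;

        // Only act inside a request whose session has no member info yet.
        if (webContext != null && webContext.Session[SessionKeys.MEMBER_INFO] == null)
        {
            var request = webContext.Request;
            HttpCookie authCookie = request.Cookies[FormsAuthentication.FormsCookieName];

            // Decrypt throws on an empty value, so skip cookies that carry nothing.
            if (authCookie != null && !string.IsNullOrEmpty(authCookie.Value))
            {
                FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);

                // Decrypt does not reject expired tickets, so check Expired explicitly.
                if (ticket != null && !ticket.Expired)
                {
                    using (CreativeLabEntities dataContext = new CreativeLabEntities())
                    {
                        // The ticket only carries a name; confirm the member still exists.
                        Member member = dataContext.Members
                            .FirstOrDefault(m => m.Email.Equals(ticket.Name, StringComparison.InvariantCultureIgnoreCase));

                        if (member != null)
                        {
                            webContext.Session[SessionKeys.MEMBER_INFO] = new MemberInfo(member.Email.ToLower());
                            return true;
                        }
                    }
                }
            }
        }

        return false;
    }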
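
The login and logout side of the flow above, as an added example that is not part of the original article: it issues the persistent ticket with an explicit lifetime instead of relying only on the web.config timeout, and on logout clears both the cookie and the session that AutoAuthenticate fills. The names `PersistentLogin`, `SignIn` and `SignOut` and the 30-day window are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example, not the article's code. Class and method names are hypothetical.
public static class PersistentLogin
{
    // Assumption: 30 days is an acceptable "remember me" window for the application.
    private static readonly TimeSpan RememberFor = TimeSpan.FromDays(30);

    // Call only after the entered credentials have been validated.
    public static void SignIn(HttpContext context, string username)
    {
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1,                      // ticket version
            username,               // read back later as ticket.Name
            now,                    // issue date
            now.Add(RememberFor),   // expiration, checked through ticket.Expired
            true,                   // persistent: survives closing the browser
            string.Empty,           // userData, unused here
            FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // not readable from page script
            Secure = FormsAuthentication.RequireSSL,  // follows requireSSL on <forms>
            Path = FormsAuthentication.FormsCookiePath,
            Expires = ticket.Expiration               // browser drops it with the ticket
        };
        context.Response.Cookies.Add(cookie);
    }

    // Logout must remove the cookie and the session together; otherwise the
    // next request either stays logged in or is silently logged in again.
    public static void SignOut(HttpContext context)
    {
        FormsAuthentication.SignOut();      // expires the auth cookie in the browser
        if (context.Session != null)
        {
            context.Session.Abandon();      // discards the cached member info
        }
    }
}
```

SignOut only removes the browser's copy of the cookie; a ticket value that was copied elsewhere still decrypts until its expiration date, which is why the ticket lifetime should be bounded.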
    

Disclaimer

Purpose of the code contained in snippets or available for download in this article is solely for learning and demo purposes. Author will not be held responsible for any failure or damages caused due to any other usage.
