Persistent authentication cookie and autologin

Custom made autologin with persistent authentication cookie

ASP.NET comes with a built-in login form for both WebForms and MVC, but sometimes you have to do it in a custom manner, where a permanent authentication cookie needs to be set from your code following your business logic.

The first thing to do is set the expiration time for the authentication cookie in web.config. Doing this first makes sure that your cookie does not expire during your testing.

    <authentication mode="Forms">
        <forms timeout="50000000" slidingExpiration="true"/>
    </authentication>

Note

The timeout attribute represents the lifetime of a cookie in minutes.

When this is set, you can proceed with the authentication implementation. You can build your custom MembershipProvider or some custom method that checks whether the credentials entered in the UI are valid. After validation has passed, you need to set the authentication cookie as in the following code snippet, where the "username" string is the username that you authenticated previously and the second parameter of SetAuthCookie is a flag that says this cookie is persistent and will not expire after you close the browser.

    FormsAuthentication.SetAuthCookie("username", true);

You can check whether the cookie is set with the Web Developer extension for Firefox.

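    using System;
    using System.Linq;
    using System.Web;
    using System.Web.Security;

    // Restores the member's session from the persistent authentication cookie.
    // Returns true when a member was loaded into the session by this call.
    public static bool AutoAuthenticate()
    {
        var webContext = HttpContext.Current;
        // Only act when there is a request context and no member in the session yet.
        if (webContext != null && webContext.Session[SessionKeys.MEMBER_INFO] == null)
        {
            var request = webContext.Request;
            HttpCookie authCookie = request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie != null)
            {
                // Decrypt and validate the ticket stored in the cookie.
                FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);
                // Decrypt does not reject an expired ticket, so check expiry here.
                if (ticket != null && !ticket.Expired)
                {
                    using (CreativeLabEntities dataContext = new CreativeLabEntities())
                    {
                        // The ticket name is the member's e-mail address.
                        Member member = dataContext.Members.Where(m => m.Email.Equals(ticket.Name, StringComparison.InvariantCultureIgnoreCase)).FirstOrDefault();
                        if (member != null)
                        {
                            webContext.Session[SessionKeys.MEMBER_INFO] = new MemberInfo(member.Email.ToLower());
                            return true;
                        }
                        else
                        {
                            return false;
                        }
                    }
                }
            }
        }

        return false;
    }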
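
An added example, not code from the original article: issuing the persistent cookie with an explicit, bounded lifetime and Secure/HttpOnly attributes instead of relying on the roughly 95-year timeout configured above, and reading it back so that a tampered or expired ticket is treated as anonymous. The PersistentLogin class, its method names and the 30-day lifetime are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

// Added example; PersistentLogin and RememberMeLifetime are hypothetical names.
public static class PersistentLogin
{
    // Assumed policy: a remembered login lasts 30 days.
    private static readonly TimeSpan RememberMeLifetime = TimeSpan.FromDays(30);

    // Issues the forms-authentication cookie with an explicit, bounded expiry.
    public static void SignIn(HttpContext context, string username)
    {
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1, username, now, now.Add(RememberMeLifetime),
            true,                 // persistent: survives a browser restart
            string.Empty,         // no user data stored in the ticket
            FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,      // not readable from page scripts
            Secure = FormsAuthentication.RequireSSL || context.Request.IsSecureConnection,
            Path = FormsAuthentication.FormsCookiePath,
            Expires = ticket.Expiration   // browser drops the cookie with the ticket
        };
        context.Response.Cookies.Add(cookie);
    }

    // Returns the ticket only if it decrypts, validates and has not expired.
    public static FormsAuthenticationTicket TryReadTicket(HttpContext context)
    {
        HttpCookie cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
        try
        {
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            return (ticket == null || ticket.Expired) ? null : ticket;
        }
        // A malformed or tampered cookie value: treat the request as anonymous.
        catch (ArgumentException) { return null; }
        catch (HttpException) { return null; }
        catch (CryptographicException) { return null; }
    }
}
```

Setting requireSSL="true" on the forms element in web.config makes the Secure attribute unconditional, and FormsAuthentication.SignOut() removes the cookie on logout.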
    

Disclaimer

Purpose of the code contained in snippets or available for download in this article is solely for learning and demo purposes. Author will not be held responsible for any failure or damages caused due to any other usage.


About the author

DEJAN STOJANOVIC

Dejan is a passionate Software Architect/Developer. He is highly experienced in .NET programming platform including ASP.NET MVC and WebApi. He likes working on new technologies and exciting challenging projects
