"Remember me" with ASP.NET MVC Authentication is not working

3

16

I have a standard ASP.NET MVC (RC Refresh) web project, with the standard ASP.NET Membership provider and the Account controller that is included in the project template.

When I check "Remember me" in my Login form, I am still not being remembered by the site. (Firefox remembers my username and password, but what I expected to happen was to be automatically logged on).

Do I have to set and check the cookie manually? If so, how should it best be done?

Renatarenate answered 5/2, 2009 at 0:4 Comment(0)
17

You need to pass true/false to the SetAuthCookie method.

    public ActionResult Login(string email, string password, bool rememberMe, string returnUrl)
    {
        // snip

        FormsAuth.SetAuthCookie(username, rememberMe); // <- true/false

        // snip
    }

and make sure that bool rememberMe reflects the status of the checkbox on your login page.

Sharpen answered 5/2, 2009 at 0:28 Comment(4)
I did this, with the immediate effect that when I log in, close the browser, re-open it and browse to the site, I am instantly logged in again - even if I'm not trying to view pages that require me to be. Is this the way it's supposed to be, or am I making it too easy for me? - Renatarenate
The createPersistentCookie of SetAuthCookie is causing a cookie to be saved on the user's system which keeps them logged in. So yes, this is what that parameter does. There are two other items which control logins which are "Session timeout" and "Authorization timeout". - Sharpen
If the session timeout occurs but the authorization timeout has not, when the user goes to the site, will they need to log in again after originally logging in with remember me checked? - Meagre
Also make sure to set a "timeout" value in web.config. - Flory
3

You need to generate a persistent cookie in the controller method that handles logon when the Remember Me box is checked. If you are using RedirectFromLoginPage, set the createPersistentCookie argument to true.

Durand answered 5/2, 2009 at 0:25 Comment(2)
I now create the cookie with the following code: if (rememberMe) { HttpCookie cookie = FormsAuthentication.GetAuthCookie(userName, true); cookie.Expires = DateTime.Now.Add(new TimeSpan(30, 0, 0, 0)); Response.Cookies.Add(cookie); } How do I check if there is a valid cookie with the request? - Renatarenate
I think if you get a valid session cookie, the user will be set in the HttpContext and they won't be directed to your logon page by the AuthorizationAttribute. - Durand
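
Added example, not code from any of the posters: setting cookie.Expires on the result of GetAuthCookie, as in the comment above, only changes how long the browser keeps the cookie; the encrypted ticket inside it carries its own expiration, taken from the forms "timeout" value in web.config. The sketch below builds the ticket explicitly so the two lifetimes agree. The names RememberMeTicket and Issue and the 30-day lifetime are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example; RememberMeTicket and Issue are hypothetical names.
public static class RememberMeTicket
{
    // Assumed policy: 30 days, the lifetime used in the comment above.
    private static readonly TimeSpan RememberMeLifetime = TimeSpan.FromDays(30);

    public static void Issue(HttpResponseBase response, string userName, bool rememberMe)
    {
        if (!rememberMe)
        {
            // Session cookie: discarded when the browser closes. The ticket
            // lifetime still comes from the forms timeout in web.config.
            FormsAuthentication.SetAuthCookie(userName, false);
            return;
        }

        DateTime issued = DateTime.Now;
        DateTime expires = issued.Add(RememberMeLifetime);

        // The expiration stored in the ticket is what the server enforces.
        var ticket = new FormsAuthenticationTicket(
            1,                 // ticket version
            userName,
            issued,
            expires,
            true,              // isPersistent
            string.Empty,      // no user data
            FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket))
        {
            Expires = expires,                        // browser keeps it as long as the ticket is valid
            Path = FormsAuthentication.FormsCookiePath,
            HttpOnly = true,                          // not readable from client script
            Secure = FormsAuthentication.RequireSSL   // follows requireSSL in web.config
        };

        response.Cookies.Add(cookie);
    }
}
```

On later requests the forms authentication module decrypts this cookie and rejects it once the ticket's own expiration has passed, regardless of the cookie's Expires value.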
3

These 3 methods helped me persist a cookie.

Note, if the user unselects "Remember Me", you'll want to remove the cookie.

    private const string RememberMeCookieName = "MyCookieName";

    private string CheckForCookieUserName()
    {
        string returnValue = string.Empty;
        HttpCookie rememberMeUserNameCookie = Request.Cookies.Get(RememberMeCookieName);
        if (null != rememberMeUserNameCookie)
        {
            /* Note, the browser only sends the name/value to the webserver, and not the expiration date */
            returnValue = rememberMeUserNameCookie.Value;
        }

        return returnValue;
    }

    private void CreateRememberMeCookie(string userName)
    {
        HttpCookie rememberMeCookie = new HttpCookie(RememberMeCookieName, userName);
        rememberMeCookie.Expires = DateTime.MaxValue;
        Response.SetCookie(rememberMeCookie);
    }

    private void RemoveRememberMeCookie()
    {
        /* k1ll the cookie ! */
        HttpCookie rememberMeUserNameCookie = Request.Cookies[RememberMeCookieName];
        if (null != rememberMeUserNameCookie)
        {
            Response.Cookies.Remove(RememberMeCookieName);
            rememberMeUserNameCookie.Expires = DateTime.Now.AddYears(-1);
            rememberMeUserNameCookie.Value = null;
            Response.SetCookie(rememberMeUserNameCookie);
        }
    }

Serosa answered 27/7, 2015 at 17:35 Comment(0)