navarend navarend - 1 month ago 5
ASP.NET (C#) Question

asp login with session

Hello guys, I have a login. Once the user has been validated in the system, he can browse the pages, but my problem is that when the user accidentally closes the browser and comes back to the website, he needs to validate at the login again. I create the following cookie:

Dim cookie As New HttpCookie("myCookie")
cookie.Value = Usuario.Cve_Usuario
cookie.Expires = DateTime.Now.AddDays(2)
Response.Cookies.Add(cookie)

If Not User.Identity.IsAuthenticated OrElse Session("UserCookie") Is Nothing Then
    FormsAuthentication.SignOut()
    FormsAuthentication.RedirectToLoginPage()
    Response.End()
End If


Summary: when the browser is closed and the user comes back to the website, he does not have to validate only if it is the same day; otherwise he validates in the system.

Any ideas or tutorials are welcome.

Thanks for your comments.

Answer

In your code you create cookies and then check them. There should be different scenarios:

  1. If there are no cookies, you authenticate the user via the form and set the cookies
  2. If cookies are present, you use the cookies' value

Example

Private Sub cmdLogin_ServerClick(sender As Object, e As System.EventArgs)
If ValidateUser(txtUserName.Value, txtUserPass.Value) Then
    Dim tkt As FormsAuthenticationTicket
    Dim cookiestr As String
    Dim ck As HttpCookie
    tkt = New FormsAuthenticationTicket(1, txtUserName.Value, DateTime.Now, DateTime.Now.AddMinutes(30), chkPersistCookie.Checked, "your custom data")
    cookiestr = FormsAuthentication.Encrypt(tkt)
    ck = New HttpCookie(FormsAuthentication.FormsCookieName, cookiestr)
    If chkPersistCookie.Checked Then
        ck.Expires = tkt.Expiration
    End If
    ck.Path = FormsAuthentication.FormsCookiePath
    Response.Cookies.Add(ck)

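    'Only follow ReturnUrl when it is a path on this site; otherwise use the default page
    Dim strRedirect As String
    strRedirect = Request("ReturnUrl")
    If strRedirect Is Nothing OrElse Not strRedirect.StartsWith("/") OrElse strRedirect.StartsWith("//") OrElse strRedirect.StartsWith("/\") Then
        strRedirect = "default.aspx"
    End If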
    Response.Redirect(strRedirect, True)
Else
    Response.Redirect("logon.aspx", True)
End If
End Sub

In global.asax:

Protected Sub FormsAuthentication_OnAuthenticate(sender As [Object], e As FormsAuthenticationEventArgs)
If FormsAuthentication.CookiesSupported = True Then
    If Request.Cookies(FormsAuthentication.FormsCookieName) IsNot Nothing Then
        Try
            'let us take out the ticket; Decrypt does not reject an expired one, so check it here
            Dim ticket As FormsAuthenticationTicket = FormsAuthentication.Decrypt(Request.Cookies(FormsAuthentication.FormsCookieName).Value)
            If ticket IsNot Nothing AndAlso Not ticket.Expired Then
                'let us take out the username now
                Dim username As String = ticket.Name

                'let us look up the roles for this user
                Dim roles As String = DBHelper.GetUserRoles(username)

                'Let us set the Principal with our user specific details
                e.User = New System.Security.Principal.GenericPrincipal(New System.Security.Principal.GenericIdentity(username, "Forms"), roles.Split(";"C))
            End If
        Catch generatedExceptionName As Exception
            'something went wrong; the request stays unauthenticated
        End Try
    End If
End If
End Sub

See complete example here
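
Added example, not part of the original answer or of any linked sample: the two pieces of the login handler above that decide how safe the persistent cookie is, written as reusable helpers. The module and member names (`LoginCookieHelper`, `IsLocalUrl`, `ResolveReturnUrl`, `IssueAuthCookie`) are hypothetical, and the two-day lifetime is an assumption taken from the `cookie.Expires` line in the question.

```vbnet
Imports System
Imports System.Web
Imports System.Web.Security

' Added example: module and member names below are hypothetical, not from the answer.
Public Module LoginCookieHelper

    ' True only for a path on this site ("/page.aspx" or "~/page.aspx").
    ' Absolute URLs and the "//host" and "/\host" forms are rejected.
    Public Function IsLocalUrl(url As String) As Boolean
        If String.IsNullOrEmpty(url) Then Return False
        Dim local As String = url
        If local.StartsWith("~/", StringComparison.Ordinal) Then local = local.Substring(1)
        If local(0) <> "/"c Then Return False
        If local.Length = 1 Then Return True
        Return local(1) <> "/"c AndAlso local(1) <> "\"c
    End Function

    ' Falls back to a fixed page when ReturnUrl is missing or points off-site.
    Public Function ResolveReturnUrl(requested As String, fallback As String) As String
        If IsLocalUrl(requested) Then Return requested
        Return fallback
    End Function

    ' Issues the encrypted forms-authentication ticket as the login cookie.
    Public Sub IssueAuthCookie(response As HttpResponse, userName As String, persist As Boolean)
        ' Two-day lifetime: assumption taken from the question's cookie.Expires.
        Dim tkt As New FormsAuthenticationTicket(1, userName, DateTime.Now,
                                                 DateTime.Now.AddDays(2), persist, String.Empty)
        Dim ck As New HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(tkt))
        If persist Then ck.Expires = tkt.Expiration   ' survives a browser restart
        ck.Path = FormsAuthentication.FormsCookiePath
        ck.HttpOnly = True                            ' not readable from page script
        ck.Secure = FormsAuthentication.RequireSSL    ' follows requireSSL in web.config
        response.Cookies.Add(ck)
    End Sub

End Module
```

In `cmdLogin_ServerClick` this would be called as `IssueAuthCookie(Response, txtUserName.Value, chkPersistCookie.Checked)` followed by `Response.Redirect(ResolveReturnUrl(Request("ReturnUrl"), "default.aspx"), True)`.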