Non-persistent SPClaimsUtility.AuthenticateFormsUser()
-
Thursday, February 23, 2012 7:37 PM
I'm using SharePoint 2010 with Forms Based Authentication, and when a new user registers on the site, I would like to automatically log that user in immediately after registration.
I can do this pretty easily with SPClaimsUtility.AuthenticateFormsUser(), but this causes the FedAuth cookie to be persistent across browser sessions, as if "Remember Me" was checked. I would like to have the login only last for the browser session, so that the next time the user returns (after closing the browser) the user is asked to log in.
The key is that I still need the "Remember Me" to work if the user explicitly selects it on any subsequent logins, so I can't just disable persistent FBA cookies.
I've tried replacing AuthenticateFormsUser() with FormsAuthentication.SetAuthCookie(), but couldn't get it to work (crash). I also tried using FormsAuthenticationTicket, but I couldn't get that to log the user in either. I've even tried to manually set the expiration of the FedAuth cookie, but this just causes the user to be logged out.
Any suggestions how I can either make AuthenticateFormsUser() non-persistent, or some alternative to this method? Thanks!
All Replies
-
Tuesday, February 28, 2012 2:42 AM
-
Tuesday, March 06, 2012 1:00 AM
-
Wednesday, March 07, 2012 7:28 PM
Thanks for the reply, Manish. However, I'm confused by this answer. I don't want to make *all* login cookies session based. I still want to give the average user the ability to sign in with or without "Sign in automatically". What I want to control is if I automatically sign a user in using SPClaimsUtility.AuthenticateFormsUser(), that the cookies are session cookies. Currently, it seems that they are persistent cookies, and there's nothing I can do to change that.
Did I miss something?
Thanks!
-
Wednesday, March 07, 2012 8:24 PM
If I understand, you may have to use the “createpersistentcookie” parameter of RedirectFromLoginPage
http://technet.microsoft.com/en-us/query/1f5z1yty
- Edited by Manish Joshi [MSFT] Wednesday, March 07, 2012 8:26 PM
-
Thursday, March 15, 2012 7:39 PM
Was this ever resolved? I have the same issue...
-
Friday, May 04, 2012 11:15 PM
As far as I know, the only way to achieve this is to decompile the code of the /_forms/default.aspx page and use reflection to achieve this (because the key objects that perform the cookie issuance are private or internal). You might want to take a look at http://social.technet.microsoft.com/Forums/nl-NL/sharepoint2010programming/thread/06ec9060-4b98-412c-b6d5-7a7139b36839
My experience dealing with reflection is less than ideal though because the signatures of the methods involved have changed in recent cumulative updates and you might not be able to use that code on every possible SharePoint 2010 version.
I'd love MS to provide a decent way to achieve this without having to hack through the internal SP OM. It's mind-boggling that it's so difficult to replicate something as simple as the SP-Forms login page with custom code.
My 2 cents,
Raphael.
Raphael Londner - www.riolinx.com
-
Friday, May 04, 2012 11:51 PM
Let me backtrack on what I wrote above. Microsoft actually made the "interesting" method public some time in late 2011 (at least in the December 2011 CU, but possibly earlier), so the code is now easier to write: you still need to call the GetSecurityToken method as implemented in http://social.technet.microsoft.com/Forums/nl-NL/sharepoint2010programming/thread/06ec9060-4b98-412c-b6d5-7a7139b36839
but in the EstablishSessionWithToken method, you no longer need to call the following (as of SP CU Dec 2011, at least):
typeof(SPFederationAuthenticationModule).GetMethod("SetPrincipalAndWriteSessionToken", BindingFlags.Instance | BindingFlags.InvokeMethod | BindingFlags.NonPublic)
    .Invoke(fam, new object[] { securityToken, sessionCookie });
Instead you can just call:
fam.SetPrincipalAndWriteSessionToken(token, writeOperationType);
But this will only work with recent versions of SharePoint.
Raphael Londner - www.riolinx.com
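The following is an added example, not code from any poster in this thread: one way to sign a freshly registered FBA user in with a session-only FedAuth cookie while still allowing a persistent cookie when "Remember Me" is chosen. It assumes a SharePoint 2010 build where SetPrincipalAndWriteSessionToken is public (as the reply above describes), obtains the token with SPSecurityContext.SecurityTokenForFormsAuthentication rather than the GetSecurityToken helper from the linked thread, and takes the membership and role provider names as parameters; the class and method names are hypothetical.

```csharp
using System;
using System.IdentityModel.Tokens;
using Microsoft.SharePoint;
using Microsoft.SharePoint.IdentityModel;

// Hypothetical helper; the name and shape belong to this example, not to SharePoint.
public static class FbaSessionSignIn
{
    // membershipProvider / roleProvider: the FBA provider names configured for
    // the web application (supplied by the caller; assumed to be known).
    // rememberMe: false issues a browser-session cookie, true a persistent one.
    public static bool SignIn(string membershipProvider, string roleProvider,
                              string userName, string password, bool rememberMe)
    {
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return false;

        // Must run inside a SharePoint web request so SPContext is available.
        Uri webUrl = new Uri(SPContext.Current.Web.Url);

        // Ask the SharePoint STS for a token for these forms credentials.
        SecurityToken token = SPSecurityContext.SecurityTokenForFormsAuthentication(
            webUrl, membershipProvider, roleProvider, userName, password);

        // No token is treated as a failed sign-in; no cookie is written.
        if (token == null)
            return false;

        // The write type decides whether FedAuth outlives the browser session.
        SPSessionTokenWriteType writeType = rememberMe
            ? SPSessionTokenWriteType.WritePersistentCookie
            : SPSessionTokenWriteType.WriteSessionCookie;

        SPFederationAuthenticationModule.Current
            .SetPrincipalAndWriteSessionToken(token, writeType);
        return true;
    }
}
```

After calling it with rememberMe set to false, the FedAuth Set-Cookie header in the response should carry no expires attribute, which is what makes the browser discard it on close.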

