Authentication cookie exists but still not authenticated

Question
-
User2108892867 posted
Hello everyone, I have an issue with forms authentication. I want to create remember-me functionality. Things seem to work fine because I can see that the ASPXAUTH cookie is created and the expiry date is one month from now. But for some reason, after leaving my browser idle for some time, I need to log in again. I am not sure why.
Any idea how I can fix this?
Thanks.
Wednesday, March 23, 2016 2:48 AM
Answers
-
User2108892867 posted
Thank you for all the replies. I think I found out the reason after a few days of digging. The reason that my authentication cookie doesn't work is the timeout. Although I added 30 days to make the authentication cookie last longer, when the timeout is up a new machine key is generated and, as a result, the cookie can't be decrypted. So what I did was set a static machine key in my web.config file. Here is how to generate it and apply it to the web.config file.
https://blogs.msdn.microsoft.com/amb/2012/07/31/easiest-way-to-generate-machinekey/
If you get an internal server error, please have a look at this link; you need to add compatibilityMode="Framework20SP1" in the machine key configuration in web.config. Please have a look at this link
Hope it helps others too.
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Thursday, March 24, 2016 3:33 AM
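A diagnostic for the failure described in this answer, added here as an example and not code from the thread: it inspects the forms-authentication cookie at the start of each request and logs whether the ticket inside it was rejected (for instance after the machine key changed) or has expired. The Global.asax placement and logging through System.Diagnostics.Trace are assumptions.

```csharp
// Global.asax.cs -- added diagnostic example, not code from the thread.
using System;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // BeginRequest runs before the forms-authentication module,
    // so the cookie is inspected exactly as the browser sent it.
    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        HttpCookie cookie = Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return; // the browser sent no authentication cookie

        string reason = null;
        try
        {
            // Decrypt validates and decrypts the ticket with the
            // keys currently configured under <machineKey>.
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            if (ticket == null)
                reason = "ticket could not be read";
            else if (ticket.Expired)
                // The ticket carries its own expiration, separate from
                // the Expires date the browser shows for the cookie.
                reason = "ticket expired at " + ticket.Expiration.ToString("o");
        }
        catch (Exception ex)
        {
            // Validation or decryption failed: the keys in use now are
            // not the ones that issued this ticket, or it was altered.
            reason = "ticket rejected (" + ex.GetType().Name + ")";
        }

        if (reason != null)
        {
            // Log the cause only; never write the cookie value to a log.
            System.Diagnostics.Trace.TraceWarning(
                "Forms auth cookie present but unusable: " + reason);
        }
    }
}
```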
All replies
-
User-1668407124 posted
I use this code and it's working fine.
protected void Page_Load(object sender, EventArgs e)
{
    if (!IsPostBack)
    {
        // Pre-fill the login form from the cookies saved at the last login
        if (Request.Cookies["username"] != null)
        {
            txtUID.Text = Request.Cookies["username"].Value;
            txtPWD.Attributes.Add("value", Request.Cookies["password"].Value);
        }
    }
}

protected void btnlogin_Click(object sender, EventArgs e)
{
    if (chkRemember.Checked == true)
    {
        // Save the user name and password in cookies for 30 days
        Response.Cookies["username"].Value = txtUID.Text;
        Response.Cookies["username"].Expires = DateTime.Now.AddDays(30);
        Response.Cookies["password"].Value = txtPWD.Text;
        Response.Cookies["password"].Expires = DateTime.Now.AddDays(30);
    }
    Response.Redirect("WebForm1.aspx");
}
Wednesday, March 23, 2016 8:14 AM -
User2108892867 posted
Nirali thanks for the reply. I was thinking about this also but the problem with that is security. The username and password will be stored in the cookie as plain text so if someone wants to check it, they can steal it very easily.
Thanks anyway
Wednesday, March 23, 2016 10:19 AM -
User2057738320 posted
This may be caused by the cookie path.
E.g. the root site is www.asp.net and the sub virtual path is www.asp.net/bbs.
If you create the cookie in the /bbs directory, you can see the cookie, but it is not valid for www.asp.net.
So you can try setting cookiepath="/" in web.config and, at the same time, set timeout; this will set the cookie time.
Sorry, I forget the timeout unit.
<authentication mode="Forms" >
<forms path="/" timeout="200"></forms>
</authentication>
By default, if you close the browser, the cookie will expire, so you need to set timeout; this will keep the cookie.
Wednesday, March 23, 2016 10:32 AM -
User-1668407124 posted
Try this:
if (chkRemember.Checked == true)
{
    //clear any other tickets that are already in the response
    Response.Cookies.Clear();

    //set the new expiry date – to thirty days from now
    DateTime expiryDate = DateTime.Now.AddDays(30);

    //create a new forms auth ticket
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2, txtUID.Text, DateTime.Now, expiryDate, true, String.Empty);

    //encrypt the ticket
    string encryptedTicket = FormsAuthentication.Encrypt(ticket);

    //create a new authentication cookie – and set its expiration date
    HttpCookie authenticationCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
    authenticationCookie.Expires = ticket.Expiration;

    //add the cookie to the response.
    Response.Cookies.Add(authenticationCookie);
}
Wednesday, March 23, 2016 10:57 AM -
User2108892867 posted
I will give it a try and get back to you, mqingqign123. I have tried many things but not the one you mentioned. By the way, the unit of timeout is minutes.
Wednesday, March 23, 2016 11:27 AM -