Question

How can I save a user name and password so that when the user opens their browser again, I can retreive that information and sign them in automatically?

Asked by: mmedi005

How can I save a user name and password so that when the user opens their browser again, I can retreive that information and sign them in automatically?

I'm using ASP .NET 2.0 w/ C#

and using Form Authentication for logging in a user.

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2009-08-25 at 07:41:02ID24679991
Topics

Programming for ASP.NET

,

Microsoft Visual C#.Net

Participating Experts
2
Points
500
Comments
29

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Passing "+" sign in Querystring
    i want to pass "+" sign in my Querystring?
  2. Retreiving Values
    I have this code: <% MemberID=Request.Form("a") If Request.QueryString("action")="post" AND TRIM(MemberID) <> "" then IF Request.form("field") = "memberid" then If Left(MemberID,1) = "%" AN...
  3. Single Sign On
    Hello, We have an intranet hosted on websphere and developed in jsp. All the machines in our org are Windows 2000 and XP. The web server is on Win 2K. We are currently considering options to make single sign on for our intranet. Is this possible with jsp. I am stuck at one p...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: sybePosted on 2009-08-25 at 08:35:47ID: 25178684

It is the browser that does that. Store some stuff in a cookie. Could be a long unique random string that identifies the user in the database.

 

by: guru_samiPosted on 2009-08-25 at 08:56:38ID: 25178926

When using FormsAuthentication you can make it Persistent cookie..i.e. what happens when you select Remember Me checkbox..

e..g
FormsAuthentication.RedirectFromLoginPage(username,true); //note passing true
or
FormsAuthentication.SetAuthCookie(username,true)

 

by: mmedi005Posted on 2009-08-25 at 09:01:16ID: 25178985

>>When using FormsAuthentication you can make it Persistent cookie..i.e. what happens when you select Remember Me checkbox..

So how do I retrieve the username and password to authenticate them again in the background and sign them in automatically, without the user entering anything again?

 

by: guru_samiPosted on 2009-08-25 at 09:04:45ID: 25179020

User do not have to enter anything.....as long as a valid forms authentication cookie exists on the user computer ....whenever user tries to visit your site (from same computer) he/she will not be asked for any credentials but will be automatically logged-in.

 

by: mmedi005Posted on 2009-08-25 at 09:06:18ID: 25179037

and either one of these statements below sets the valid forms authentication cookie?

e..g
FormsAuthentication.RedirectFromLoginPage(username,true); //note passing true
or
FormsAuthentication.SetAuthCookie(username,true)

 

by: guru_samiPosted on 2009-08-25 at 09:11:02ID: 25179087

yes....you use either of that when the user first tries to Login using username/password.

The First One will redirect automatically to Default page or some requested secured page upon login.
When using Second ...you have to explicitly redirect like:
FormsAuthentication.SetAuthCookie(username,true)
Response.Redirect("To somepage.aspx");

 

by: guru_samiPosted on 2009-08-25 at 09:11:20ID: 25179091

 

by: mmedi005Posted on 2009-08-25 at 14:13:07ID: 25182326

I have this but can't get it to save the user name, and it wont show on the next page when i call Identity.Name

any ideas

code below

webconfig
 
.....
 
    <authentication mode="Forms">
      <forms loginUrl="admin/signin.aspx"
             protection="All"
             path="admin"
             requireSSL="false"
             slidingExpiration="true"
             cookieless="UseDeviceProfile"
             enableCrossAppRedirects="false" />
    </authentication>
    <authorization>
      <allow users="*"/>
      <deny users="?"/>
    </authorization>
 
.....
 
signin.aspx
 
    protected void LogonUser(object sender, EventArgs e)
    {
        string user = uxUserNameTextbox.Text;
        string pwd = uxPasswordTextbox.Text;
 
        bool bAuthenicated = Security.AuthenticateUser(user, pwd);
 
        if (bAuthenicated)
        {
            if (uxRememberCheckBox.Checked)
                FormsAuthentication.RedirectFromLoginPage(user, true);
            else
                FormsAuthentication.RedirectFromLoginPage(user, false);
 
            Response.Redirect("welcome.aspx");
        
        }
        else
            uxErrorLabel.Text = "User name or password is not correct.<br /><br />";
    }
 
Security class
 
.....
 
    public static bool AuthenticateUser(string username, string pwd)
    {
        int found = 0;
 
        using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["db"].ConnectionString))
        {
            SqlCommand cmd = new SqlCommand("sp_AuthenticateUser", conn);
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@Username", SqlDbType.VarChar, 10).Value = username;
            cmd.Parameters.Add("@Password", SqlDbType.VarChar, 50).Value = pwd;
 
            try
            {
                conn.Open();
                found = (int)cmd.ExecuteScalar();
 
            }
            catch (Exception e)
            {
                throw new Exception(e.Message);
            }
            finally
            {
                conn.Close();
            }
        }
 
        return (found > 0);
    }
 
.....
 
Global.asax
 
    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        
        If Request.IsAuthenticated Then
            
            
            Using conn As SqlConnection = New SqlConnection(ConfigurationManager.ConnectionStrings("db").ConnectionString)
                
                Dim cmd As SqlCommand = New SqlCommand("sp_GetEmployeeAccessList", conn)
                Dim reader As SqlDataReader
                
                cmd.CommandType = CommandType.StoredProcedure
                cmd.Parameters.AddWithValue("@EmployeeID", User.Identity.Name)
                
                Try
                    
                    conn.Open()
                    reader = cmd.ExecuteReader
                    
                    Dim roleList As New ArrayList
            
                    Do While reader.Read()
                        roleList.Add(reader("AccessID"))
                    Loop
                    
                                
                    Dim roleListArray As String() = roleList.ToArray(GetType(String))
            
                    HttpContext.Current.User = New GenericPrincipal(User.Identity, roleListArray)
                    
                    reader.Close()
                    conn.Close()
                    
                Catch ex As Exception
                    Throw New Exception(ex.Message)
                Finally
                    cmd.Dispose()
                End Try
                
            End Using
        
        End If
    
    End Sub

                                              
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:

Select allOpen in new window

 

by: guru_samiPosted on 2009-08-25 at 14:27:15ID: 25182447

try removing  <allow users="*"/>

<authorization>    
      <deny users="?"/>
    </authorization>
Secondly set breakpoints at line:
33 and 35 ..see which statement is hit..

Third thing: When using FormsAuthentication.RedirectFromLoginPage you do not need
line 37  Response.Redirect("welcome.aspx");
If you need Line 37....
then change
 FormsAuthentication.RedirectFromLoginPage  -->to
 FormsAuthentication.SetAuthCookie

Just drag and drop "LoginName" and LoginStatus Controls on your next Page

 

by: mmedi005Posted on 2009-08-25 at 14:52:58ID: 25182669

made the changes and for some reason the web page isnt following the CSS for the page.  

Plus I'm not getting any of the information to save in the Identity.Name field


any ideas?

 

by: guru_samiPosted on 2009-08-25 at 15:10:50ID: 25182799

for css yes...You will have to add explicit permission to all uses for Css file
add this to your web.config ...


<configuration>
.....
    <system.web>
        .................
   </system.web>
 .....
<location path="CustomerFolder">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

</configuration>

Did you set breakpoints and see whats happening...
Did you try placing LoginName/LoginStatus on your next page that follows on login

 

by: guru_samiPosted on 2009-08-25 at 15:12:00ID: 25182810

my bad..
<location path="CustomerFolder">
should be
<location path="pathToYouCss">

could be:
<location path="styles.css">

OR
<location path="~/stylesFolder">

 

by: mmedi005Posted on 2009-08-26 at 06:34:14ID: 25187433

Got this error setting up the webconfig file


Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.  This error can be caused by a virtual directory not being configured as an application in IIS.

Line 110:      <authentication mode="Forms">

 

by: guru_samiPosted on 2009-08-26 at 07:26:00ID: 25188005

where did you set that ?
You can set authentication in root web.config only and not inside a folder.

 

by: mmedi005Posted on 2009-08-26 at 07:31:32ID: 25188065

ok,

Do I have to set all my admin pages in 1 sub folder?

or can I set my admin pages in mutliple sub folders.  

I have HR subfolder and also an admin folder.

HR has some admin pages that u authorization t see and all of admin pages need authorization.

Can this be achieved or should I put al lin 1 sub folder?

 

by: guru_samiPosted on 2009-08-26 at 07:37:05ID: 25188122

you can put the pages in subfolder ...
You cannot use authentication in sub-web.config but you can use authorization in sub-web.config
So set authorization for each sub-folder accordingly.

Also are you planning to put sub-folder HR withing the Admin folder or just a separate folder within the root..?
It doesn't matter though where you put as long as it has proper authorization rules.

 

by: mmedi005Posted on 2009-08-26 at 07:44:02ID: 25188198


>>Also are you planning to put sub-folder HR withing the Admin folder or just a separate folder within the root..?

yes, HR is a seperate folder in the root

>>So set authorization for each sub-folder accordingly.

How do I achieve this

 

by: guru_samiPosted on 2009-08-26 at 07:52:06ID: 25188296

Add a web.config to your sub-folders...

<configuration>  
<system.web>
<authorization>
<deny users="?"/> //this will deny anonymous access
</authorization>
</system.web>
</configuration>

Note:
1: You just want to deny anonymous access correct ? If you want to add roles you will have to modify above rules

2: If it is just anonymous access and no roles then in that case--> if your root web.config is denying anonymous access your sub-folder are by default secure from anonymous users and in that case you don't need this second web.config.

 

by: mmedi005Posted on 2009-08-26 at 08:04:45ID: 25188467

what if I have 3 web pages that are open to any user and 2 that are not in the HR folder.

can you set that in the webconfig file?

 

by: guru_samiPosted on 2009-08-26 at 08:08:58ID: 25188510

you can set authorization rules per page using <location...> as mentioned earlier in css case....
Check this for more info:
http://weblogs.asp.net/gurusarkar/archive/2008/09/29/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config.aspx

 

by: mmedi005Posted on 2009-08-26 at 08:10:00ID: 25188519

Also when I use User.Identity.Name it gives me my PC name and not the user name entered at login.

Is this from the webconfig settings?

 

by: guru_samiPosted on 2009-08-26 at 08:14:40ID: 25188572

because i think you removed Forms Authentication from your root web.config

Your root web.config should have:
<authentication mode="Forms">

 

by: mmedi005Posted on 2009-08-26 at 08:19:20ID: 25188632

Beautiful, I think it's put together, thank you for staying on top of this.

 

by: mmedi005Posted on 2009-08-26 at 08:20:30ID: 25188644

now that all is set, if i close the browser, will it remember my username and password and automatically log me in?

 

by: guru_samiPosted on 2009-08-26 at 08:22:51ID: 25188673

Try it and see... it should...
also you through the link I provided earlier ...
It shows how to set different attributes for FormsAuthentication.
One important to note is "timeout" you can set it to too high value ..default is 30 min.
This along with Persistent should do the job....but again client should be accepting cookies.

 

by: mmedi005Posted on 2009-08-26 at 08:26:12ID: 25188719

sounds good, 1 more thing before i let you go,

when I go to my signin.aspx page it sends me to this link:

...login.aspx?ReturnUrl=%2fnet%fadmin%fsignin.aspx


what attribute can change this?

 

by: guru_samiPosted on 2009-08-26 at 08:29:01ID: 25188760

if you don't set loginUrl for formsAuthentication by default it is login.aspx...
so you should have your authentication set like this:

<authentication mode="Forms">
      <forms loginUrl="~/admin/signin.aspx" />
    </authentication>

 

by: guru_samiPosted on 2009-08-26 at 08:29:56ID: 25188773

hope loginUrl was correct...if not set it accordingly to your login page url

 

by: mmedi005Posted on 2009-08-26 at 08:31:18ID: 31620185

guru_sami is the man...thanks for everything!

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...