I have a strange requrement twist on the Login RememberMe function. When a user selects RememberMe on the Login Control, I have to default in the User Name and check the RememberMe box. Upon Login, if they de-select the checkbox, then stop defaulting in the User Name and uncheck the RememberMe box.
The idea is that the user will always be required to type in thier password in order to log in. I've tried several variations of using either the membership or cookies, but then have an issue with how to log out or de-authenticate the user while keeping the cookies.
If I do a FormsAuthentication.SignOu
I can set the text box properties and remember me properties of the Login control using this code:
TextBox un = (TextBox)Login1.FindContro
un.Text = rmCookie["RememberMe"];
Login1.RememberMeSet = true;
But if you try to put this in the page OnLoad event you get stuck and can't login - I believe that's because it's causing a changed event on the textbox.
None of the things I've tried have worked. i'm thinking that surely someone out there has done something like this and it's fairly simple.
Any ideas on how to make something like this work?
I'm doing aspx.cs (code behind) with an asp.net 2.0 Login control.
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
are you using the cookie created by FormsAuthentication?
it might be possible to use your own cookie instead. In that way, even if you call FormsAuthentication.SignOu
It looks like your on the right track but not sure what this means by "you get stuck and can't login - I believe that's because it's causing a changed event on the textbox."
I think this is what Martin was talking about:
<Quote>
If you want the control to display a Remember me next time check box, set the DisplayRememberMe property to true. If a user selects the Remember me next time check box when he or she logs in, the authentication token will be stored in a persistent cookie in the browser.
</Quote>
Bob
Yes, I've looked at that article and others like it. The problem is that what I have to do isn't "standard". Normally, Forms authentication want's to log you in automatically, like it does on this site at Experts-Exchange.
In our case, we don't want it to actuallly log the user in (it's okay for them to authenticate using standard forms authentication) but they can't get to the application until they supply thier password and click the login button.
This is the scenario where I've been running into trouble. When I try to use forms authentication, the problems comes when the user logs out. They're technically still authenticated, just not to the app. So if I use only the authentication ticket, there will be one whether there's a cookie or not and the user name will display even though they haven't selected to "remember me".
Things seem to work fine if you just login, close down the browser and come back. But when you log out and go back to the default public page, I'm always getting finding either the cookie or the auth ticket from the previous session.
My thought was to just write a cookie with the username in it, then check for the presense of the cookie and throw the username into the Login box. I just haven't been able to get this to work and beginning to think that I should just bite the bullet and code the complete login component as custom rather than using the 2.0 Login control.
I just hoped there'd be an easier way that that.
My other thought was to just store a "remember me" flag in SQL Server then when the user authenticates via the authentication ticket - read the data field to see if they want to be remembered. I'd really like to avoid making a db change for this though, if I can avoid it.
I hope that clarifies things a bit more. Let me know if you have more specific questions.
The proper question might be what code should be written to log the user out so they clear all the cookies from memory, clear the session variables, and establish a new session? If I could do all that properly, then the default process from the Login control would work. But if you do a FormsAuthentication.LogOut
Thanks for the feedback everyone. I wish it were simple, but then I wouldn't have needed to post the question.
Bryant
Let me give an example of what I've been running into.
Say I sign in and select the rememberMe check box from the Login control. I get a persistent cookie with the authentication ticket inside.
Now if I add the following code:
MembershipUser mu = Membership.GetUser();
TextBox un = (TextBox)Login1.FindContro
if (mu.UserName != null)
{
un.Text = mu.UserName;
Login1.RememberMeSet = true;
}
The login control has my username filled in and the rememberme box is checked.
There is no other code in entire login.ascx.cs file
But when I type my password and click login it doesn't go anywhere. This same behavior occurs whether I put the code (listed above) in the Page_Load or in the Login_Init.
The login control is defined as follows:
<asp:Login ID="Login1" runat="server" DestinationPageUrl="~/App/
The login button is as follows:
<asp:Button ID="LoginButton" runat="server" CommandName="Login" Text="Sign in" ValidationGroup="ctl00$Log
If I uncheck the Remember Me box and watch my temporary internet files, the cookie / auth ticket is removed. If if check and sign in again, the cookie/auth ticket is there again. The problem is that it doesn't ever get me to my app/AccountSummary.aspx page.
If I remove the code everthing works normally, but I don't have my username and remember me pre-filled in.
Any suggestions would be welcome.
Thanks,
Bryant
okay so first of all u r are using form authantication not windows so once you log out you logout...how will user stay logged in...he wont.....second you want to display user name before user app access your DB so database is out of question. Only way is cookies....see think about it....if i login and check the remmeber me checkbox then your app should create a cookie and save it on my machien....so next time when i open your webpage....on the page load you should access my pc and retrive that cookie value.....NOW you can set cookie life to whatever you want....so say if you set your cookie life to forever or couple of year then it will nto expire. ONLY when user will cean their brower history then cookie will be gone but that is true in any scenario.
You're right about having to definitely go with Cookies. And you're correct
So here's what I've discovered and it leads me to the conclusion that I'm going to indeed have to write my own custom login component/control because the asp.net 2.0 Login Control won't let you set the username text field.
I got down to the basic problem I was having and tested it very simply. Here's what I did:
I took the following code and pasted it one-at-a-time into each of the following Login Control events.
OnDataBinding
OnInit
OnLoad
OnPreRender
I also tried the same events on the UserName TextBox control within the Login control.
I further tried the code in the Page_Load event
Here's the code I used:
TextBox un = (TextBox)Login1.FindContro
un.Text = "TestUser";
This simply finds the the text box in the Login control and sets it to a username - very simple.
I setup the TestUser account and ensured I was able to properly login using that username before I began my test.
The result is that no matter what event I placed that code to populate the username, I could not log in. The Login control gets stuck in some sort of loop and won't fire of the LoggingIn or LoggedIn event. It gives no errors and doesn't even fire off the OnLoginError event.
The net result was that it appears to the user as if they never hit the Sign In button. In debug mode, the Login control seems to Load the Page multiple times and initialize a number of times, then just simply stops. I also noticed that at some point it clears out the username and password, then fires the various event I had my code in, and repopulates the username from my code.
So my choice is to either write a custom login or possibly use the OnAuthenticate event or the OnClick event of the Sign In button to manually code the authentication and login logic.
This appears to be a bug in the Login control. Can anyone else confirm this, or have any other suggestions? I don't know if the Login.UserName method can be overridden to add a set. Currently it's read only. Perhaps if I were able to do an override, and set the UserName field that way instead of through the text box, it would work. Any thoughts out there?
Thanks again for the feedback.
Bryant
i could not pinpoint exactly what is causing the issue your describing. but i have to say that i have seen or worked on a working implementation of this (however for confidentiality reasons i couldn't post the whole code). that is, set the username of logincontrol and use custom cookies to store the username and remember me (used non formsAuthentication created cookies). if i'm not mistaken, it is the password textbox/field that cannot be set from code. the username and remember me can be set fine and once they are rendered to the browser it's as if the user entered them manually and clicking the login should behave properly (unless maybe some other manipulations are made i.e. textbox is disabled et al).
i believe you have a work around already but this is just for info. but might worth looking into if you have time as there may be something in code or settings that causes this issue and might get you into trouble even with a custom implementation of login
Business Accounts
Answer for Membership
by: mmarinovPosted on 2007-06-26 at 00:35:52ID: 19361487
Hello Bryav,
Have you checked this article: http://msdn2.microsoft.com
There are very good descriptions of the abilities of the Login control
Regards,
mmarinov