.NET automatic login

Posted on 2007-07-21
Last Modified: 2013-12-17
I'm creating a site in .NET2.0 that's accessed by a number of resellers. For each reseller I'm holding their details within the profile. The resellers log in to the companies main site and when they follow a link to my site I get sent their unique ID encrypted. From there I can decrypt their ID and populate the profile with the relevant information.
My problem is, how can I automatically log in a user using .NET2 if I've already got their username and password? The process needs to be seemless so I can't use the login control and get them to log in again. I've looked everywhere and can't find any information on this.
Any help would be greatly appreciated.
Question by:stevesuch
    LVL 11

    Expert Comment

    Look up this sort of thing.

    FormsAuthentication.SetAuthCookie(sMemberID, false)
    FormsAuthentication.RedirectFromLoginPage(sMemberID, false)
    LVL 9

    Expert Comment

    There might be two solutions if I understand your question well:
    1. Statefull - Enable Session and store the profile in a session variable (userProfile). If there is a "userProfile" session varible than you know at each request that your user is authenticated and you know who he is, otherwise the request cames from an unauthenticated user.
    2. Stateless - By populating a cookie variable with the profile. The cookie will always move between server and browser and it's not a good choice if the profile is large. And it's the same policy, if you receive the "userProfile" cookie than you'll know the user otherwise is an unauth user.

    Be carefull or/and make use of the timeouts of both.

    Author Comment

    Hi, Thanks for your replies,
    coopzz - Is this a backdoor way of setting a users profile to authenticated then?
    ripahoratiu - when you say store the profile in a session variable, can I store then entire profile in one variable? How would I go about this. Sorry I'm a little confused.
    LVL 11

    Accepted Solution

    I wouldn't call it a backdoor more of a manual way of authorising the way you want it to work. I believe there're called in the automatic created controls anyway..  It's also how you authorise in your own propriority way (ie: to SQL) but still want the use the .net User Authority controls.

    If you google around a bit theres heaps of infomation on using that FormsAuthentication class.

    SO it does do the same thing is storing a security cookie and all that, but now you get to be able to log in anything you decide is applicable.

    Featured Post

    Live: Real-Time Solutions, Start Here

    Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

    Join & Write a Comment

    Welcome my friends to the second instalment and follow-up to our Minify and Concatenate Your Scripts and Stylesheets (…
    Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now