[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


.NET automatic login

Posted on 2007-07-21
Medium Priority
Last Modified: 2013-12-17
I'm creating a site in .NET2.0 that's accessed by a number of resellers. For each reseller I'm holding their details within the profile. The resellers log in to the companies main site and when they follow a link to my site I get sent their unique ID encrypted. From there I can decrypt their ID and populate the profile with the relevant information.
My problem is, how can I automatically log in a user using .NET2 if I've already got their username and password? The process needs to be seemless so I can't use the login control and get them to log in again. I've looked everywhere and can't find any information on this.
Any help would be greatly appreciated.
Question by:stevesuch
  • 2
LVL 11

Expert Comment

ID: 19542264
Look up this sort of thing.

FormsAuthentication.SetAuthCookie(sMemberID, false)
FormsAuthentication.RedirectFromLoginPage(sMemberID, false)

Expert Comment

ID: 19545616
There might be two solutions if I understand your question well:
1. Statefull - Enable Session and store the profile in a session variable (userProfile). If there is a "userProfile" session varible than you know at each request that your user is authenticated and you know who he is, otherwise the request cames from an unauthenticated user.
2. Stateless - By populating a cookie variable with the profile. The cookie will always move between server and browser and it's not a good choice if the profile is large. And it's the same policy, if you receive the "userProfile" cookie than you'll know the user otherwise is an unauth user.

Be carefull or/and make use of the timeouts of both.

Author Comment

ID: 19577639
Hi, Thanks for your replies,
coopzz - Is this a backdoor way of setting a users profile to authenticated then?
ripahoratiu - when you say store the profile in a session variable, can I store then entire profile in one variable? How would I go about this. Sorry I'm a little confused.
LVL 11

Accepted Solution

coopzz earned 2000 total points
ID: 19579490
I wouldn't call it a backdoor more of a manual way of authorising the way you want it to work. I believe there're called in the automatic created controls anyway..  It's also how you authorise in your own propriority way (ie: to SQL) but still want the use the .net User Authority controls.

If you google around a bit theres heaps of infomation on using that FormsAuthentication class.

SO it does do the same thing is storing a security cookie and all that, but now you get to be able to log in anything you decide is applicable.

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A basic question.. “What is the Garbage Collector?” The usual answer given back: “Garbage collector is a background thread run by the CLR for freeing up the memory space used by the objects which are no longer used by the program.” I wondered …
In my previous two articles we discussed Binary Serialization (http://www.experts-exchange.com/A_4362.html) and XML Serialization (http://www.experts-exchange.com/A_4425.html). In this article we will try to know more about SOAP (Simple Object Acces…
Integration Management Part 2
Loops Section Overview
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question