Sheritlw asked:

Sync session with authentication ticket to keep user logged on

I am using asp.net 3.5 with master pages.

When the user initially logs in and sets remember me to true, I would like to keep them logged in for 2 months.  

I only use 1 session variable and that is to hold the userid.  I use this id everywhere throughout the application.  

I also use forms authentication and in IIS 7.5, I have set it not to expire for 2 months.
Problem is that although I have a procedure that checks and re-activates a session if user is authenticated, it does not do it for every procedure.

I would like to have the program recognize the user when they go to the web application and redirect them accordingly.  

I am lost when it comes to authentication.  

I hope this makes sense.

Thanks
 
### Check and create session
```vbnet
Public Function CheckSessionAndReturnUser() As String
    'need to check authorization ticket
    Dim s As String = Nothing
    If Session("UserID") = Nothing Then
        If My.User.IsAuthenticated Then
            s = SetUserIDSession()
        Else
            s = Nothing
        End If
    Else
        s = Session("UserID").ToString
    End If
    Return s

End Function
```

### web.config
```xml
<authentication mode="Forms">
  <forms loginUrl="Login.aspx" enableCrossAppRedirects="true"
     slidingExpiration="true" cookieless="AutoDetect"
     timeout="10" defaultUrl="/Stylist/Client_Services.aspx"
     name=".ASPXAUTH"/>
</authentication>
```

### Login.aspx (I don't use the login control)
```vbnet
Protected Sub LoginButton_Click(ByVal sender As Object, ByVal e As System.EventArgs)
    If Membership.ValidateUser(txtUserName.Text, txtPassword.Text) Then
        If Me.RememberMe.Checked Then
            Dim authTicket As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, txtUserName.Text, Today.Date, Today.AddMonths(2), True, "", FormsAuthentication.FormsCookiePath)
            FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, True)
            Dim encryptedTicket As String = FormsAuthentication.Encrypt(authTicket)
            Dim cookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
            cookie.Expires = authTicket.Expiration
            HttpContext.Current.Response.Cookies.Set(cookie)
        End If
        FormsAuthentication.SetAuthCookie(txtUserName.Text, True)
        Response.Redirect("/Stylist/Redirecting.aspx?NewStylist=" & Me.HiNewStylist.Value.ToString & "")
    Else
        Alert.Show("The email and/or password is incorrect.  Please retype your login information or click Register for a new account below.")
    End If
End Sub
```

Ravi Vaddadi

Where are you persisting the session?

Sheritlw (ASKER)

I am not sure what you mean.
In the CheckSessionAndReturnUser function above, I reset it, if the user is authenticated.
I do have the following in my master pages load event.

 
```vbnet
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
    'If Not Page.IsPostBack Then

    If Session("UserID") = Nothing Then
        Dim s As String = Nothing
        Dim u As New SalonUtilities
        s = u.CheckSessionAndReturnUser
        If s = Nothing Then
            Response.Redirect("/login.aspx")
        End If
    End If
    ' End If

End Sub
```


Thanks

Ravi Vaddadi

I hope you understand the session state management in ASP.NET. I was wondering if you are storing the session as InProc (default) or state server or SQL Server.

Sheritlw (ASKER)

Storing it as InProc.
I have read so much about sessions and authorizations, that my mind is scrambled and none of it makes sense anymore.

I really do appreciate your help,

Thanks

Ravi Vaddadi

As you are storing InProc, the session data is available only until the process is recycled. The data will be lost if the process is recycled.

You should be storing it in SQL Server or a state server.

Sheritlw (ASKER)

My question was how to sync them.  I am sure there are better ways to do this, but after numerous searches, I haven't been able to find any examples on how to correctly set up authentication with a session variable.
If I had one, I would change it... but I am in the middle of beta testing so I can't take the time to try and unscramble what I have read.
If you have an example that would be great.

Thanks
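
One way to keep the session's user ID in step with the forms-authentication ticket, as an added example that is not part of the original thread: the ticket itself carries the ID, so the session value can be rebuilt on any request after an InProc recycle. The module and method names are hypothetical, and it assumes cookie-based forms authentication (not the cookieless URL mode), that the stored ID is the membership provider key, and a 30-minute lifetime when "remember me" is off.

```vbnet
Imports System
Imports System.Web
Imports System.Web.Security

' Added example; AuthSync, IssueTicket and RestoreUserId are hypothetical names.
Public Module AuthSync

    ' Call once after Membership.ValidateUser succeeds. Writes exactly one
    ' forms-authentication cookie. Do not also call SetAuthCookie or
    ' RedirectFromLoginPage: each issues its own ticket using the
    ' web.config timeout.
    Public Sub IssueTicket(ByVal userName As String, ByVal rememberMe As Boolean)
        Dim issued As DateTime = DateTime.Now
        ' Assumption: two months when "remember me" is ticked, else 30 minutes.
        Dim expires As DateTime = If(rememberMe, issued.AddMonths(2), issued.AddMinutes(30))
        ' Assumption: the session's UserID is the membership provider key.
        Dim userId As String = Membership.GetUser(userName).ProviderUserKey.ToString()

        Dim ticket As New FormsAuthenticationTicket(1, userName, issued, expires, _
            rememberMe, userId, FormsAuthentication.FormsCookiePath)
        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, _
            FormsAuthentication.Encrypt(ticket))
        cookie.Path = FormsAuthentication.FormsCookiePath
        cookie.HttpOnly = True
        cookie.Secure = FormsAuthentication.RequireSSL
        ' A cookie without Expires is dropped when the browser closes.
        If rememberMe Then cookie.Expires = expires
        HttpContext.Current.Response.Cookies.Add(cookie)
    End Sub

    ' Call from one place that runs on every page (for example the master
    ' page's Page_Load). Returns Nothing when the request is not authenticated.
    Public Function RestoreUserId() As String
        Dim ctx As HttpContext = HttpContext.Current
        If ctx.User Is Nothing OrElse Not ctx.User.Identity.IsAuthenticated Then Return Nothing
        Dim id As FormsIdentity = TryCast(ctx.User.Identity, FormsIdentity)
        If id Is Nothing Then Return Nothing
        ' FormsAuthenticationModule has already decrypted and validated the
        ' ticket, so UserData is the value written at login.
        Dim userId As String = id.Ticket.UserData
        If String.IsNullOrEmpty(userId) Then Return Nothing
        If ctx.Session IsNot Nothing Then ctx.Session("UserID") = userId
        Return userId
    End Function

End Module
```

A two-month persistent ticket is a long-lived credential, so pair it with `requireSSL="true"` on the `<forms>` element and a sign-out path that calls `FormsAuthentication.SignOut()` and clears the session.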
ASKER CERTIFIED SOLUTION
Ravi Vaddadi

This solution is only available to members.