Using cookie to remember credential in mobile devices

I have a requirement to build a responsive web application where users would like the browser to remember their login credential for about a month.  I have a couple of question about this.
1.  In a PC I could use a cookie to do this.  What do I do when it's a mobile device?  How can I set the browser to remember the user's credential when they navigate to the site?
2.  Can I use that for all browser on the mobile device?
3.  They want the web application to authenticate using users' window' account credential.   I'm not sure if I can store the user's password since it's in AD.  How can I do this?

Thank you.
lapuccaAsked:
Who is Participating?
 
Imran Javed ZiaConsultant Software Engineer - .NET ArchitectCommented:
Hi,

Do you want to make remember me cookieless?

In general, you don't have to take care either it is desktop or any other device until unless you have browser which is cookie  enabled.

for best practices on cookie and authentication please refer to following articles:

http://jaspan.com/improved_persistent_login_cookie_best_practice
https://web.archive.org/web/20150204143440/https://resonantcore.net/blog/2015/02/remember-me-safely-secure-long-term-authentication-strategies

Thanks and Regards
0
 
ambienceCommented:
You should not have to do anything specific for a Mobile browser at the Server's end. Mobile browsers indeed support Cookies, whether all browsers support cookies at all the times? The answer is probably No, which is true even for a desktop browser, where cookies can be turned off.

As for authentication, the credentials are to be supplied by the user, and then remembered. You only have to use these credentials to login to the AD and/or Impersonate the user.

See this code example: https://msdn.microsoft.com/en-us/library/system.security.principal.windowsimpersonationcontext.aspx
0
 
lapuccaAuthor Commented:
So, my codes doesn't, and shouldn't, do anything about storing or remember the user's credential?  that would be my preference.  So, is it up to the users to configure the browser they're using on their device to remember login credential?

Customer's requirement is not having to entering their userid or password each time they browse to the website, for up to 30 datys.  

Thank you.
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 
ambienceCommented:
You should push the creds as a cookie to the client. Client per discretion can enable or disable cookies. In the latter case, your website would continue as usual and ask for credentials.
0
 
lapuccaAuthor Commented:
What do you mean by my application "push" the credential as a cookie?  

The user will be logging into the web application using their Window's credential.  By pushing, do I store their userid and password on the browser as a cookie?

Thank you.
0
 
ambienceCommented:
It just means, send a cookie from the server to be stored on the client.

By pushing, do I store their userid and password on the browser as a cookie?

Exactly! After a successful login.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.