locked
ASP.NET MVC Identity RRS feed

  • Question

  • Hi, 
    I cant use remember me check box in my apps,

    I tryed create new default asp.net project with "individual users" 
    but nothing changed, 
    if I login without check rememberme, its ok.
    but when i check rememberme, 
    login succesfuly in ``SignInStatus`` but not login to system

    everthing in this video
    video


     
    • Moved by CoolDadTx Monday, June 1, 2020 8:49 PM ASP.NET related
    Saturday, May 30, 2020 12:39 PM

All replies

  • There is a sticky post at the top of the C# forum about where to post about ASP.NET issues.
    Saturday, May 30, 2020 1:07 PM
  • i found this in chrome network tab why rememberme true and false both

    
    Saturday, May 30, 2020 2:35 PM
  • First off, you should never store the user's credentials in a cookie. It's incredibly insecure. The password will be passed with every request as well as being stored in plain text on the user's machine.

    Second, don't reinvent the wheel, especially when security is concerned, you'll never get it right.

    ASP.Net already provides this functionality securely with Forms Authenitcation and Membership Providers. You should take a look into that. Creating a default MVC project will include the basic authentication setup.

    Update

    You can still use .NET forms authentication without implementing a membership provider. At a basic level it would work like this.

    You enable forms authentication in you web.config

    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="2880" />
    </authentication>

    You decorate the actions or the controllers you would like to secure with the [Authorize] attribute.

    [Authorize]
    public ViewResult Index() {
      //you action logic here
    }

    Then create a basic login action

    [HttpPost]
    public ActionResult Login(LoginViewModel dto) {
    
      //you authorisation logic here
      if (userAutherised) {
        //create the authentication ticket
        var authTicket = new FormsAuthenticationTicket(
          1,
          userId,  //user id
          DateTime.Now,
          DateTime.Now.AddMinutes(20),  // expiry
          rememberMe,  //true to remember
          "", //roles 
          "/"
        );
    
        //encrypt the ticket and add it to a cookie
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,   FormsAuthentication.Encrypt(authTicket));
        Response.Cookies.Add(cookie);
    
        return RedirectToAction("Index");
    
      }
    
    }

    • Edited by MSTGuy Saturday, May 30, 2020 3:05 PM
    Saturday, May 30, 2020 3:05 PM
  • i found this in chrome network tab why rememberme true and false both

    
    http://forums.asp.net/
    Saturday, May 30, 2020 6:26 PM
  • Please post questions related to ASP.NET in the ASP.NET forums.

    Michael Taylor http://www.michaeltaylorp3.net

    Monday, June 1, 2020 8:49 PM