1

I am creating a web app where in one of the functionality I need is to automatically login the user for which cookie is not expired yet. Below code is my starting point - 

HttpCookie curCookie = Request.Cookies[".ASPXAUTH"];

if (curCookie != null)
{
      FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(curCookie.Value);
      var userName = ticket.Name;

      using (MyDBContext db = new MyDBContext())
      {         
          // what to do here?

      }
}

If the cookie has expired, then I can't help it. But if it has not, then I can think of three approaches to follow -

1) I can connect to db (webpages_Membership) and get corresponding password, decrypt and then attempt to login.

2) I can store the hashed password with the cookie and retrieve it and login.

3) I can store the hashed password in UserProfile table and as I already have a dbset in my code, I can use it to query and login.

I am new to ASP.NET MVC and a little confused about which is the right approach for me. If there are any in-built functions to retrieve passwords, please let me know.

Sam
  • 4,302
  • 12
  • 40
  • 74
  • Take a look at these http://www.asp.net/identity . You can set cookie expiration time and so on... – RandomBoy Nov 25 '14 at 19:16
  • if ASPXAUTH cookie is present then the user is automatically authenticated and no extra steps are needed. It is how forms authentication works by default. – Marian Ban Nov 25 '14 at 19:20
  • @MajoB It is not working for me that way. Do I need any configuration setup or anything else for it to work? – Sam Nov 25 '14 at 19:25
  • @Sam how to implement custom form authentication: http://stackoverflow.com/questions/2329197/custom-form-authentication-authorization-scheme-in-asp-net-mvc – Marian Ban Nov 25 '14 at 19:40

0 Answers0