Re: How to implement a automatic login function

I am not sure I understand you.

Do you mean:

1. User signed in once and has come back to the site? If so, set the persistence flag to true and the cookie will live on across all sessions.
2. User has signed in and is now surfing other pages? If so, you need to do nothing, as the user will be signed in.
3. User has signed into another site in your domain and you wish to allow him to hit all sites? If so, set the machines keys to the same value on all of your sites and call the cookie, explicitly, by the same name - all in config file. NOTE: You will not be able to switch stored session values from site to site.
4. You want certain users to be able to fake the login and be authenticated with another account? This can be done with the API, but how are you going to identify those users? Think this through carefully, as it is quite easy for a hacker to figure out he can use your site with querystrings, if that is your method of bypassing security. If you do not like the API, you can create MembershipUser objects and attach to an ongoing session. That will log them in, this time.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*********************************************
Think outside the box!
*********************************************
"Victor" <victor@xxxxxxxxxxxxxxx> wrote in message news:eSk9IDLdHHA.1312@xxxxxxxxxxxxxxxxxxxxxxx
hi guys.
In my project, now I am using a asp.net login control and a customized membership provider to do the form authentication. Now I want some function that user can skip the login form and be authenticated and login the system automatically base on the username and password already in the session. Is that possible to do ? and how to do it?

Cheers
Victor


.

Relevant Pages

  • Re: Force Relogin. IIS6, ASP.NET app, IE6+ browser
    ... now it appears you are suggesting I either write a custom authentication ... cookies/tokens involved; IIS has no idea what a session is; IIS does ... not prompt with a login dialog. ... The problem you face is that a browser will automatically attempt ...
    (microsoft.public.inetserver.iis.security)
  • Re: Forms authentication BIG issue
    ... Forms authentication does not relate to session at all, except that they both use cookies to track the user, so changing session will have no effect on the forms authentication. ... I'd suggest on your login page to check to see if the user is logged in and if so show their current login on the form. ... I hit some* "server side" link button or button (or any other ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: OnLoggedIn/OnLoggedOut - not session?
    ... licence a web app based per concurrent users... ... state and login state MUST be distinct. ... A way to know when a forms authentication ticket expires. ... Session object and the authentication session is I am logged in. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Need to know when user logs in again.
    ... Why not do it in the Login page before you redirect after a successful ... Neither Session start nor that global.asax event are appropriate for this ... > I have a forms based authentication. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: How to implement a automatic login function
    ... You should be able to use the authentication API from the ... FormsAuthentication class to add/revoke a cookie for sign in status easily. ... now I am using a asp.net login control and a customized ... membership provider to do the form authentication. ...
    (microsoft.public.dotnet.framework.aspnet)