ASP.NET: Logging in through a Login control with a LayoutTemplate creates a persistent cookie whether or not "Remember me" is checked

I am using .NET 4 and an ASP.NET Login control with a custom LayoutTemplate. Whether the "Remember me" checkbox is checked or not, the control seems to create a persistent authentication cookie and keeps me logged in until I explicitly log out by pressing the logout button. Closing the browser while logged in does not sign me out.

Can someone explain what might be causing this?

<%-- Login control with a custom LayoutTemplate. Inside a template the Login control is documented to
     locate its inputs by ID ("UserName", "Password" and the optional "RememberMe" checkbox) and to
     start the sign-in from a button whose CommandName is "Login". The control itself issues the
     forms-authentication cookie; the state of the "RememberMe" checkbox is what it uses to decide
     whether that cookie is persistent. --%>
<asp:Login ID="Login1" runat="server" OnLoggingIn="Login1_LoggingIn" OnLoggedIn="Login1_LoggedIn" OnLoginError="Login1_LoginError">
    <LayoutTemplate>
        <asp:Panel runat="server" DefaultButton="btnLogin">
            <label>Email</label>&nbsp;<div class="required">*</div>&nbsp;
            <asp:RequiredFieldValidator runat="server" ControlToValidate="UserName" Display="Dynamic" ErrorMessage="Required" InitialValue="" SetFocusOnError="true" ValidationGroup="Login" /><br />
            <asp:TextBox runat="server" ID="UserName" class="input" ValidationGroup="Login" />
            <label>Password</label>&nbsp;<div class="required">*</div>&nbsp;
            <asp:RequiredFieldValidator runat="server" ControlToValidate="Password" Display="Dynamic" ErrorMessage="Required" InitialValue="" SetFocusOnError="true" ValidationGroup="Login" /><br />
            <asp:TextBox runat="server" ID="Password" TextMode="Password" class="input" style="margin:0 0 6px 0;" ValidationGroup="Login" />
            <%-- Optional "Remember me" input; it carries no ValidationGroup, unlike the other inputs. --%>
            <asp:Checkbox runat="server" ID="RememberMe" Text="Remember me" CssClass="remember-me" />
            <asp:LinkButton runat="server" ID="btnLogin" CommandName="Login" Text="Sign In" CssClass="login-button" ValidationGroup="Login" />
        </asp:Panel>
    </LayoutTemplate>
</asp:Login>


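/// <summary>
/// Handles the Login control's LoggingIn event. When the page is valid and the submitted
/// password is accepted for the trimmed user name, the control's user name is replaced with
/// the user name stored for that membership account.
/// </summary>
/// <param name="sender">The control raising the event.</param>
/// <param name="e">Event data for the login attempt; not modified by this handler.</param>
/// <remarks>
/// This handler does not issue the authentication cookie and does not read the "Remember me"
/// checkbox; cookie creation is left to the Login control after this event returns.
/// </remarks>
protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
{
    // Nothing to normalise when page validation failed.
    if (!IsValid)
    {
        return;
    }

    string username = Login1.UserName.Trim();
    MembershipUser user1 = Membership.GetUser(username);

    // NOTE(review): the Login control validates the credentials again after this event unless
    // e.Cancel is set, so the password is checked twice per attempt. With a provider that
    // counts failed attempts this likely doubles the count towards lockout - confirm.
    if (user1 != null && Membership.ValidateUser(user1.UserName, Login1.Password))
    {
        // Hand the control the user name exactly as the membership store has it.
        Login1.UserName = user1.UserName;
    }
}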


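/// <summary>
/// Handles the Login control's LoggedIn event: a user who is in the "Users" role is
/// redirected to users.aspx.
/// </summary>
/// <param name="sender">The control raising the event.</param>
/// <param name="e">Unused event data.</param>
protected void Login1_LoggedIn(object sender, EventArgs e)
{
    if (Roles.IsUserInRole(Login1.UserName, "Users"))
    {
        // The second argument (endResponse: true) ends the current response at the redirect.
        Response.Redirect("users.aspx", true);
    }
}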

<!-- Forms authentication settings. timeout is expressed in minutes: 129600 minutes = 90 days,
     and slidingExpiration="true" renews the ticket while the user stays active. -->
<!-- NOTE(review): requireSSL="false" allows the authentication cookie to be sent over plain HTTP;
     set it to "true" when the site is served over HTTPS. -->
<authentication mode="Forms">
    <forms timeout="129600" name=".AUTHCOOKIE" protection="All" slidingExpiration="true" path="/" requireSSL="false" loginUrl="~/login.aspx" cookieless="UseCookies"/>
</authentication>

      



1 answer


Got your answer ... finally geez!

Login.aspx:

    <%-- Login control wired only to the LoggingIn event. The "RememberMe" checkbox is still
         rendered, but the code-behind shown for this page passes a fixed false as the
         persistent-cookie argument, so the checkbox does not influence the cookie it issues. --%>
    <asp:Login ID="Login1" runat="server" OnLoggingIn="Login1_LoggingIn">
        <LayoutTemplate>
            <asp:Panel runat="server" DefaultButton="btnLogin">
                <label>Email</label>&nbsp;<div class="required">*</div>
                &nbsp;
    <asp:RequiredFieldValidator runat="server" ControlToValidate="UserName" Display="Dynamic" ErrorMessage="Required" InitialValue="" SetFocusOnError="true" ValidationGroup="Login" /><br />
                <asp:TextBox runat="server" ID="UserName" class="input" ValidationGroup="Login" />
                <label>Password</label>&nbsp;<div class="required">*</div>
                &nbsp;
    <asp:RequiredFieldValidator runat="server" ControlToValidate="Password" Display="Dynamic" ErrorMessage="Required" InitialValue="" SetFocusOnError="true" ValidationGroup="Login" /><br />
                <asp:TextBox runat="server" ID="Password" TextMode="Password" class="input" Style="margin: 0 0 6px 0;" ValidationGroup="Login" />
                <asp:CheckBox runat="server" ID="RememberMe" Text="Remember me" CssClass="remember-me" />
                <asp:LinkButton runat="server" ID="btnLogin" CommandName="Login" Text="Sign In" CssClass="login-button" ValidationGroup="Login" />
            </asp:Panel>
        </LayoutTemplate>
    </asp:Login>

      

Login.aspx.cs

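/// <summary>
/// Handles the Login control's LoggingIn event: checks the submitted user name and password
/// with <c>FormsAuthentication.Authenticate</c> and, when they are accepted, issues a
/// non-persistent forms-authentication cookie and redirects back to the requested page.
/// </summary>
/// <param name="sender">The control raising the event.</param>
/// <param name="e">
/// Event data for the login attempt; <c>Cancel</c> is set to <c>true</c> once this handler has
/// completed the sign-in itself.
/// </param>
protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
{
    // Do not authenticate when page validation failed.
    if (!IsValid)
    {
        return;
    }

    // FormsAuthentication.Authenticate checks against the <credentials> entries of the
    // <forms> element in web.config.
    // NOTE(review): when this check fails the event is not cancelled, so the Login control
    // continues with its own authentication step - confirm that is intended.
    if (!FormsAuthentication.Authenticate(Login1.UserName, Login1.Password))
    {
        return;
    }

    // The second argument (createPersistentCookie) is a fixed false, so the cookie lasts only
    // for the browser session. The "Remember me" checkbox is not consulted here.
    FormsAuthentication.RedirectFromLoginPage(Login1.UserName, false);

    // The sign-in is complete. Without cancelling, the Login control would go on to
    // authenticate again by itself and, on success, issue its own cookie based on the
    // "Remember me" checkbox, replacing the non-persistent one set above.
    e.Cancel = true;
}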

      

Web.config:



<!-- Forms authentication with an inline credential list. timeout is expressed in minutes:
     129600 minutes = 90 days, renewed on activity because slidingExpiration="true". -->
<!-- NOTE(review): requireSSL="false" allows the authentication cookie to be sent over plain HTTP;
     set it to "true" when the site is served over HTTPS. -->
<authentication mode="Forms">
    <forms timeout="129600" name=".AUTHCOOKIE" protection="All" slidingExpiration="true" path="/" requireSSL="false" loginUrl="~/login.aspx" cookieless="UseCookies">
        <!-- NOTE(review): passwordFormat="Clear" keeps the password in plain text inside web.config.
             That is only suitable for a throwaway test account such as the one below; real accounts
             belong in a membership or identity store that salts and hashes passwords. -->
        <credentials passwordFormat="Clear">
            <user name="test" password="test"/>
        </credentials>
    </forms>
</authentication>

      

Additional Notes:

In my web app I have a folder called "Protected" that contains a file "Users.aspx" and its own Web.config. The Web.config inside the "Protected" folder contains the following authorization rules: deny anonymous users and allow only the "test" user:

<!-- Authorization rules for the folder holding this file. Rules are evaluated top to bottom and
     the first match applies. -->
<configuration>
    <system.web>
        <authorization>
            <!-- "?" matches anonymous (unauthenticated) users. -->
            <deny users="?"/>
            <!-- NOTE(review): an authenticated user other than "test" matches neither rule here and
                 falls through to the parent configuration, which typically allows all users.
                 Add <deny users="*"/> after this line to restrict the folder to "test" only. -->
            <allow users="test"/>
        </authorization>
    </system.web>
</configuration>

      

I closed all my Chrome instances after logging in and then went to the users.aspx page and, sure enough, I was asked to log in again! I know this code is not exactly what you have, but you should be able to adapt your own code accordingly.
