Reputation: 101
Using "Remember Me" functionality for authentication in .NET 2.0
My client wants me to enable a "Remember Me" checkbox when the user logs in. I am encrypting and storing both the username and password in a cookie.
However, you cannot write to a textbox when it's in password mode.
I've seen this done numerous times, so how are they doing it?
thanks in advance!
Upvotes: 8
Views: 1041
Answers (8)
Reputation: 18819
How about instead of inserting the text into the login form, you just bypass the form completely and check the contents of the cookie right at the login page? Less work for the user, and it'll make it a little more seamless.
Upvotes: 8
Reputation: 67360
Is it possible for the text box to have the type changed? If so, can you make the text box normal and hidden, then put the password in there, then change the text box type to password type, then unhide it...
Upvotes: 0
Reputation:
Thatz quite straight forward, try using:
txtPass.Attributes["value"] = "123456"; (most probably on the page load event handler)
where txtPass is the id of the password textbox (in password mode). and the password u want displayed is 123456.
Upvotes: 0
Reputation: 4088
If your server-side code has access to their username and password from the cookie, then can't your page just populate the value attributes of the form fields like so:
<input type="text" name="username" value="<%=decryptedUsername%>" />
<input type="password" value="<%=decryptedPassword%>" />
Of course, this is pretty un-secure as you're echo-ing the users password back to them in plain-text (which is a big no-no). But as you say your client isn't that bothered about the security implications. If they are then SSL may help mitigate this risk.
Upvotes: 1
Reputation: 1851
I don't recall any web page doing something like that as you described but I think it's the web browsers automatically filling passwords. I know this is not a good solution but what you can do might be, setting the text of o normal textbox with stars or something like that in a different login page if there is a cookie to authenticate the user. You don't need to use the password from the textbox to authenticate the user anyway.
Upvotes: 1
Reputation: 101
They don't want the user to automatically be logged in they just want the usernamd and password field pre-filled in.
I know it's stupid and the same thing as keeping you logged in, but it's their request.
I've mentioned that it's not the best security practice but they don't care.
sites like myspace use it, wher eyou go to myspace.com and your usernamd and password are already filled in.
Upvotes: 1
Reputation: 30161
Page_Load( ...)
{
... process cookie ...
if (cookie is good) Response.Redirect("content.aspx");
}
Just remember to close and dispose any database activity before redirecting.
Upvotes: 2
Reputation: 6808
You can set the expiration of the cookie in 2 weeks to keep the user logged in. That's how ASP.NET authentication works with persistent authentication. Remember to update the expiration on every request.
Upvotes: 0
Related Questions
- Why is ASP.NET Remember Me Feature so Forgetful?
- How to handle "Remember me" in the Asp.Net Membership Provider
- ASP.NET web api "Remember Me" functionality using cookies
- Remember me functionality in ASP.NET Form Authentication doesn't work
- ASP.NET and cookies for remember functionality
- asp.net "Remember Me" cookie
- Implementing "Remember me" Functionality in ASP.NET
- Remember me in Login with Cookies
- Adding a "remember me" box to an asp login form
- remember me in login form