Reputation: 11911
Authenticate without username and password
I have a database table with 4 columns (email, token, tokenDate (DateTime), isOnline (bool))
What I am trying to do in ASP.NET MVC is have an application where the user goes to a page like this Home/[email protected] and when they goto the page, they are login, now what I could do it when they goto the page is this:
- Find the user in the database table
- Mark
isOnlineto true - Set the
tokenDatetoDateTime.Now - Create a random
tokenand set that as token - Create a web cookie with the same value as token
And when someone else (or the same person) with the same email tries to goto the page
- Find the user in the database table
- If
isOnlineis marked astrueand the cookie does not exist and if it does check against the one in the database, if fails boot them out, if success, they can enter.
My question is what token would I want to create so they original user is still authenticated so if they close their browser or goto another page they can still goto the main page where they authenticated?
Upvotes: 0
Views: 725
Answers (1)
Reputation: 6607
User goes to a page like this Home/[email protected] or User Types email in a text box
STEP 1:
- Find the user in the database table if doesn't exist take to access denied page.
- If exist Mark isOnline to true.
- Set the tokenDate to.
DateTime.UtcNowso that you can display later into local time of user. - Create a random token using GUID and set that as token in database.
- Create a cookie to store multiple values one with the GUID value as token and another would be user email then set cookie expiry to years so doesn't expire even if user closes the browser.
Step 2:
Now when user goes to Home/SomeOtherPage or the authentication page Home/[email protected]
Check if cookie with the name exist , if exist get the email and token values from cookie and check against the value in database , if token matches for the email then user is authenticated.
Edit cookie and Set another value in cookie saying if user is authenticated, So next time when user visits check the value of authenticated as this would eliminate hitting database again if user visit pages again.
Note:
It would be better if you could encrypt the email while setting it in the cookie.
Upvotes: 1
Related Questions
- ASP.NET MVC Identity login without password
- How to implement simple authentication in ASP.NET MVC 5
- .NET MVC 6 Simple Authentication without database
- MVC Authentication - Easiest Way
- Authenticate a USER in Asp.net MVC 5 without password
- Simple temporary authentication without a username or password
- User Authenication without usernames and passwords
- How to authenticate user without login
- Sort of Login without database
- Simple Authentication