2

I'm trying to get forms authentication working for an mvc site. I have a custom database with a users table, and I would like to do my own password validation.

I am logging in my user like this:

if (PasswordHasher.Hash(password) == dataUser.Password)
{
   FormsAuthentication.SetAuthCookie(email, true);
   return true;
}

The problem is, when the session expires obviously the user has to login again.

I am thinking I should be storing this Auth cookie in my users table?

Update: I'm obviously in desperate need of more education in this area. I just noticed that the user stays authenticated even after an iisreset.

I guess what I'm asking is how can I get persistent and non persistent authentication working properly. I want a user to not have to login again if they click "remember", and if they don't then their authentication should expire when the forms authentication is set to expire.

Improve this question
2
  • 1
    Can you clarify your question? How do you store a cookie in a database table? Commented May 24, 2010 at 18:47
  • What I was thinking was that I would need some way to associate the forms authentication cookie with something in my database, in the case of an app restart. Commented May 24, 2010 at 19:06

2 Answers 2

Reset to default
1

Turns out I forgot to put my variable in the second argument of the SetAuthCookie method. It was always sending true for the "persistent" argument. FML.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

I'd recommend implementing a custom Membership Provider so you can leverage the existing controls or patterns that are out there for the existing membership providers.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.