Home/ Questions/Q 9270847
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T15:28:18+00:00

First off, I am not using Forms Authentication. I found a great tutorial that

  • 0

First off, I am not using Forms Authentication.

I found a great tutorial that almost does what I want:
http://www.codeproject.com/Questions/358434/Keep-me-signed-in-until-Loggged-out

The only problem is that it does not seem like a good idea. It stores the username in the cookie. That seems very bad.

How could I do something like this tutorial but in a safe way?

I essentially just want this basic flow:

if user logged in then show page

User can have the option of being logged in for the session (30 mins of inactivity) or until they choose to explicitly logout.

I have a feeling I will need a session table in my db for this, but I am not sure.

It doesn’t have to be top of the line security since this is for an intranet, but I do still want it to be somewhat safe.

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Easiest way is in your Login function, once you have verified them just add:

    FormsAuthentication.SetAuthCookie(theUserName, persistCookieBoolean);

    Now you have an authentication cookie set. No encrypting or decrypting needed. Get the username like:

    HttpContext.Current.User.Identity.Name

    And see if they are logged in:

    HttpContext.Current.User.Identity.IsAuthenticated

    And now you can set authorization easily in the web.config too. Related post: Manual Access control in ASP .Net

    • 0