Home/ Questions/Q 6335187
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T18:48:27+00:00

I just set up my MVC application with forms authentication and everything is just

  • 0

I just set up my MVC application with forms authentication and everything is just dandy except for my _LogOnPartial view. The “Welcome [Log Off]” works fine, however, I also have Role specific text or drop-down selector that needs to be displayed depending on the user’s role.

This works fine as long as the user has logged in during the current session because I use cookies to hold the role and verify with User.IsInRole() in the Controller before any actions occur.

This does not work if the user selects “Remember me” because when the session starts, there is no cookie containing the role, and thus the visible items.

Is there an easy way to check User.IsInRole()in a partial view?

Here is my View:

<div id="LogInContainer">
    @if (Request.IsAuthenticated)
    {
        <div class="InLine" id="WelcomeDisplay">
            <text>Welcome <b>@Context.User.Identity.Name</b>! [ @Html.ActionLink("Log Off", "LogOff", "Account")
            ]
            </text>
        </div>
        <div id="clientDropDown">
            @{

        var requestCookie = Request.Cookies["Role"];
        if (requestCookie != null)
        {
            if (requestCookie.Value == "Client1")
            {
                HttpCookie joannCookie = new HttpCookie("Client", "Client1");
                Response.Cookies.Add(Client1Cookie);
                <text>Client: Client1</text>
            }
            else if (requestCookie.Value == "Client2")
            {
                HttpCookie safewayCookie = new HttpCookie("Client", "Client2");
                Response.Cookies.Add(Client2Cookie); 
                <text>Client: Client2</text>
            }
            else if (requestCookie.Value == "Administrator")
            {
                @:Client: @Html.DropDownList("Client", new SelectList(ConfigurationHelper.Clients))
                }
        }
        else
        {
            //Do nothing
        }
            }
        </div>
    }
    else
    {
        <div id="LogOnLink">
            [ @Html.ActionLink("Log On", "LogOn", "Account") ]
        </div>
    }
</div>

Is there a way to make nonauth cookies persistent? I’m new to cookies so I may just be ignorant, but I tried a google search with no luck.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Set the expiration of the cookie to a future date to make it persistent. If you don’t set the expiration date it is a so called “session cookie” or “non-persistent” cookie that is not stored on disk by the browser and kept only as long as you use the same browser session. If you want to keep the cookie “forever” you still have to pick a date, the only thing you can do is that you pick an expiration date “far enough” in the future (e.g. the current date plus a big constant time span).

    However, you should be very careful about storing authentication or authorization information in a persistent cookie! By default ASP.NET uses session cookies for authentication, because persisting such a cookie is a serious security risk.

    • 0