The default forms authentication timeout value is set on 30 minutes. Increasing the ASP.NET Membership-Cookie Timeout is most easily possible by setting the timeout attribute in the web.config:
<authentication mode="Forms">
<forms name="ApplicationLogin" loginUrl="Login.aspx" path="/" protection="All" timeout="10080">
</forms>
timeout=”10080″ is meassured in minutes, meaning we got a timeout of 10080 minutes here.
If you don’t want to set the forms timeout value that high you have to give up on the standard login controls supplied with ASP.NET 2.0. Here’s what you have to do:
1) Create a custom Login Page aka Login.aspx, this is just an example:
4 <asp:Panel ID=”Panel1″ runat=”server” DefaultButton=”Button1″>
5 <div align=”center”>
6 User: <br />
7 <asp:TextBox ID=”TextUser” runat=”server”></asp:TextBox>
8 <br />
9 Password:<br />
10 <asp:TextBox ID=”TextPass” runat=”server” TextMode=”Password”></asp:TextBox>
11 <br />
12 <asp:CheckBox ID=”CheckBox1″ runat=”server” Checked=”True” />
13 <asp:Button ID=”Button1″ runat=”server” Text=”Login” OnClick=”Button1_Click” /><br /><br />
14 <asp:Literal ID=”Literal1″ runat=”server”></asp:Literal>
15 </div>
16 </asp:Panel>
2) Create a new class auth.cs and add the following:
43 public static bool CheckLogins(string UserName, string Password)
44 {
45 if (Membership.ValidateUser(UserName, Password))
46 {
47 return true;
48 }
49 else
50 {
51 return false;
52 }
53
54 return false;
55 }
75 public static bool CreateTicket(string UserName, bool StayLoggedIn, string Type, DateTime CookieTime)
76 {
77 FormsAuthentication.Initialize();
78
79 // Create a new ticket used for authentication
80 FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, UserName, DateTime.Now, CookieTime, StayLoggedIn, Type, FormsAuthentication.FormsCookiePath);
81
82 string hash = FormsAuthentication.Encrypt(ticket);
83 HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);
84
85 if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;
86
87 HttpContext.Current.Response.Cookies.Add(cookie);
88
89 return true;
90 }
3) Now insert this into the button click event routine of Login.aspx:
43 public static bool CheckLogins(string UserName, string Password)
44 {
45 if (auth.CheckLogins(TextUser.Text, TextPass.Text))
46 {
47 auth.CreateTicket(TextUser.Text, CheckBox1.Checked, “Regged”, DateTime.Now.AddDays(350));
48 }
49 }
Note: “Regged” indicates the UserRole in this case. You just added a Cookie with a timeout of 350 days now. This was just a rough example, of course you still have to add some kind of notice if the login failed and so on.
4 comments ↓
Hi,
Thanks for good article.
Keep it up.
Good job. Thanks for helping.
Abbas
[…] to Andreas Kraus for the FormsAuthenticationTicket […]
[…] création d’un cookie (createTicket) […]
Leave a Comment