How to implement a automatic login function

You should be able to use the authentication API from the
FormsAuthentica tion class to add/revoke a cookie for sign in status easily.
Have a look at this for example:
http://msdn2.microsoft.com/en-us/lib...uthcookie.aspx

--
~~~~~~~~~~~
Ben Rush
http://www.ben-rush.net/blog
"Victor" <vi****@noemail .noemailwrote in message
news:eS******** ******@TK2MSFTN GP06.phx.gbl...

hi guys.
In my project, now I am using a asp.net login control and a customized
membership provider to do the form authentication. Now I want some
function that user can skip the login form and be authenticated and login
the system automatically base on the username and password already in the
session. Is that possible to do ? and how to do it?

Cheers
Victor

Hi Victor,

From your description, you want to add a code function that can help
automatically make a user loggedIn without interactive operation through
the login page, correct?

As Ben has suggested, ASP.NET forms authentication provide API for us to
programmaticall y do the authentication, and make a user turn from
unauthenticated to authenticated status. For example, the following two
methods can help make the current user loggedIn(by passing a username and
boolean parameter)

#FormsAuthentic ation.RedirectF romLoginPage Method
http://msdn2.microsoft.com/en-us/lib...ormsauthentica
tion.redirectfr omloginpage.asp x

#FormsAuthentic ation.SetAuthCo okie Method
http://msdn2.microsoft.com/en-us/lib...ormsauthentica
tion.setauthcoo kie.aspx

BTW, I'm still wondering your exactly code logic and scenario in the
application, as you said that the username/password is in the session,
then, how will you store username/password in session? password should
never be persisted in memory after login/authentication.

Anyway, if you have anything unclear or anything we missed, please feel
free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

=============== =============== =============== =====

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.

=============== =============== =============== =====

This posting is provided "AS IS" with no warranties, and confers no rights.

I am not sure I understand you.

Do you mean:

1. User signed in once and has come back to the site? If so, set the
persistence flag to true and the cookie will live on across all sessions.
2. User has signed in and is now surfing other pages? If so, you need to do
nothing, as the user will be signed in.
3. User has signed into another site in your domain and you wish to allow
him to hit all sites? If so, set the machines keys to the same value on all
of your sites and call the cookie, explicitly, by the same name - all in
config file. NOTE: You will not be able to switch stored session values from
site to site.
4. You want certain users to be able to fake the login and be authenticated
with another account? This can be done with the API, but how are you going
to identify those users? Think this through carefully, as it is quite easy
for a hacker to figure out he can use your site with querystrings, if that
is your method of bypassing security. If you do not like the API, you can
create MembershipUser objects and attach to an ongoing session. That will
log them in, this time.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*************** *************** ***************
Think outside the box!
*************** *************** ***************
"Victor" <vi****@noemail .noemailwrote in message
news:eS******** ******@TK2MSFTN GP06.phx.gbl...

hi guys.
In my project, now I am using a asp.net login control and a customized
membership provider to do the form authentication. Now I want some
function that user can skip the login form and be authenticated and login
the system automatically base on the username and password already in the
session. Is that possible to do ? and how to do it?

Cheers
Victor

Hi Victor,

Have you got any progress or idea on this issue or does the suggesetion in
our previous message help some? If you have any further question on this,
please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.

On Apr 5, 3:44 am, stch...@online. microsoft.com (Steven Cheng[MSFT])
wrote:

Hi Victor,

Have you got any progress or idea on this issue or does the suggesetion in
our previous message help some? If you have any further question on this,
please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no rights.

I'm not sure if my issue is the same as Victor's but i need to send
the username and password via a post to the site's initial page so
that the user can be authenticated as if he had used a login control
but skip the login process altogether.

Ideally all this can be done so that the username and password is not
sent in clear text. However we are willing to use SSL if necessary.

How can a post request be fed to whatever class the login control
feeds programmatially to obtain the same authenticated result?

Thanks,

Hi Rob,

Thanks for your input.

I think what you want to do is a bit different. What you want to do is like
a web client which programmaticall y send http post request to send login
credentials and pass the login page at server-side, just like many web
crawler does, correct?

For programmaticall y post http form data (through webrequest component in
..net), here are some useful web links:

#ASP.NET: Post Data Programmaticall y with "Webscrapin g"
http://www.developer.com/net/asp/article.php/3645506

#Programmatical ly Posting Data to ASP .NET Web Applications
http://dndj.sys-con.com/read/45127.htm

#Https form post using Httpwebrequest brings back the same page.
http://www.thescripts.com/forum/thread591965.html

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.

On Apr 5, 9:27 pm, stch...@online. microsoft.com (Steven Cheng[MSFT])
wrote:

Hi Rob,

Thanks for your input.

I think what you want to do is a bit different. What you want to do is like
a web client which programmaticall y send http post request to send login
credentials and pass the login page at server-side, just like many web
crawler does, correct?

For programmaticall y post http form data (through webrequest component in
.net), here are some useful web links:

#ASP.NET: Post Data Programmaticall y with "Webscraping"ht tp://www.developer.c om/net/asp/article.php/3645506

#Programmatical ly Posting Data to ASP .NET Web Applicationshtt p://dndj.sys-con.com/read/45127.htm

#Https form post using Httpwebrequest brings back the same page.http://www.thescripts.com/forum/thread591965.html

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no rights.

Thanks for the reply Steven,

Unfortunately, this is not what I am after.

I am simply trying to simulate a normal login. At the moment the site
uses the login control connected to the Membership class. Under a
normal login the CurrentUser is associated with the current session
and can be picked up on any page by Membership.GetU ser(). As per your
suggestion earlier in this thread I've been able to pass in the
username and password via a post and authenticate using the
following.

If Membership.Vali dateUser(UserNa me, Password) Then
FormsAuthentica tion.RedirectFr omLoginPage(Use rName, True)

At least I think it authenticates because no error is returned but I
can't really know for sure because I can pickup up the current user
name in the normal way as follows:

Dim CurrentUser As MembershipUser = Membership.GetU ser()
Message.Text = "Login Successfull. User = " & CurrentUser.Use rName

In this case Membership.GetU ser() returns a null.

Regards,

RobGMiller

Hi Victor,

Have you got any further idea on this issue? If there is anything else we
can help, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.

I've to programmaticall y login to a third party web app (Tomcat/apache) and
take the user to a landing page. I am able to programatically login
succesfullly but I am not able to redirect the browser to the landing page.
If I look at the logs on Tomcat side, I see the cookies are getting lost
somewhere even though I pass the cookies between successive requests. I would
appreciate any comments or suggestion rgeading how to take the user
successfully to the landing page.

string url = "http://10.112.60.86:80 80/PCC/servlet/tpservlet";
HttpWebRequest req = (HttpWebRequest )WebRequest.Cre ate(url);
CookieContainer CookieC = new CookieContainer ();

string data =
String.Format(" USERID={0}&tran sactiontype={2} &FIID={3}&AUTHE NTICATIONURL={4 }&TARGET={5}" ,
"DDBDB3099C5C04 D36B91C0EA786C0 996", "729E13B7AFB577 96A30",
"UserInqAuthAct ionBean", "1111",
"http://atl50test2/CLKPCB/111111118/Site/TransfersPaymen ts/opserror.asp",
"BillPay.viewPa yees");
byte[] buffer = Encoding.UTF8.G etBytes(data);
req.AllowAutoRe direct = false;
req.KeepAlive = true;
req.Method = "POST";
req.ContentType = "applicatio n/x-www-form-urlencoded";
req.ContentLeng th = buffer.Length;
req.UserAgent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
..NET CLR 1.1.4322; .NET CLR 2.0.50727)";
req.CookieConta iner = CookieC;

Stream reqst = req.GetRequestS tream(); // add form data to request
stream
reqst.Write(buf fer, 0, buffer.Length);
reqst.Flush();
reqst.Close();

HttpWebResponse res = (HttpWebRespons e)req.GetRespon se();
string landingpage= res.Headers["Location"];
CookieC.Add(res .Cookies);
foreach (Cookie cook in CookieC.GetCook ies(req.Request Uri))
{
HttpCookie cookie = new HttpCookie(cook .Name);
cookie.Name = cook.Name;
cookie.Value = cook.Value;
cookie.Domain = cook.Domain;
cookie.Expires = cook.Expires;
cookie.Path = cook.Path;
cookie.Secure = cook.Secure;

String str = String.Format(" Name {0}: Value {1}: Domain
{2}<BR>", cookie.Name, cookie.Value, cookie.Domain);
HttpContext.Cur rent.Response.A ppendCookie(coo kie);

}
//This statement fails
HttpContext.Cur rent.Response.R edirect(landing page);

I have to do the similar thing like automatically login to a third pary web

"Steven Cheng[MSFT]" wrote:

Hi Victor,

Have you got any further idea on this issue? If there is anything else we
can help, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.