automatic site login...

Discussion in 'ASP .Net Security' started by Jim, Sep 24, 2003.

  1. Jim

    Jim Guest

    I have an asp.net site and I want to provide automatic login when a user
    returns to my site, similar to amazon.com.

    Currently my site authenticates the user and generates a token when the user
    has been validated, this token is unique per login and is valid unitl the
    user logouts or their session has timed out.

    How would I achieve automatic login? Do I have to store the username and
    password in the cookie?

    please advise....

    Cheers in advance

    Earth Worm Jim
     
    Jim, Sep 24, 2003
    #1
    1. Advertising

  2. You can store the user information into a cookie.
    But remember to recreate the value of the cookie, because
    if someone grabs the cookie, they can use it to login. Do
    not save passwords in the cookie. I should create a
    encrypted key and recreate this key every 10 minutes.
    This key could also be stored in a service or data base,
    so when a user want access to a site, the key is
    retrieved from the cookie and verified against the
    services or data base.

    You can also take a look at Forms authentication in
    ASP.Net.

    /Fredrik Normén NSQUARED2

    >-----Original Message-----
    >I have an asp.net site and I want to provide automatic

    login when a user
    >returns to my site, similar to amazon.com.
    >
    >Currently my site authenticates the user and generates a

    token when the user
    >has been validated, this token is unique per login and

    is valid unitl the
    >user logouts or their session has timed out.
    >
    >How would I achieve automatic login? Do I have to store

    the username and
    >password in the cookie?
    >
    >please advise....
    >
    >Cheers in advance
    >
    >Earth Worm Jim
    >
    >
    >
    >
    >
    >.
    >
     
    Fredrik Normén NSQUARED, Sep 24, 2003
    #2
    1. Advertising

  3. Jim

    Jim Guest

    thanks for the answer, but the answer is not really acceptable.....

    FYI

    I use Active Directory behind a web service to validate my users, thus not
    having to have a database to store my user accounts on a machine, and I DO
    NOT want to start creating tables in a database that relate to user security
    settings and user logon status.

    cheers

    Jim






    "Fredrik Normén NSQUARED" <> wrote in message
    news:1d5c01c38299$c802f4f0$...
    You can store the user information into a cookie.
    But remember to recreate the value of the cookie, because
    if someone grabs the cookie, they can use it to login. Do
    not save passwords in the cookie. I should create a
    encrypted key and recreate this key every 10 minutes.
    This key could also be stored in a service or data base,
    so when a user want access to a site, the key is
    retrieved from the cookie and verified against the
    services or data base.

    You can also take a look at Forms authentication in
    ASP.Net.

    /Fredrik Normén NSQUARED2

    >-----Original Message-----
    >I have an asp.net site and I want to provide automatic

    login when a user
    >returns to my site, similar to amazon.com.
    >
    >Currently my site authenticates the user and generates a

    token when the user
    >has been validated, this token is unique per login and

    is valid unitl the
    >user logouts or their session has timed out.
    >
    >How would I achieve automatic login? Do I have to store

    the username and
    >password in the cookie?
    >
    >please advise....
    >
    >Cheers in advance
    >
    >Earth Worm Jim
    >
    >
    >
    >
    >
    >.
    >
     
    Jim, Sep 24, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jim

    automatic site login...

    Jim, Sep 24, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    664
    -=Chris=-
    Sep 24, 2003
  2. A.M

    Automatic login

    A.M, Apr 8, 2004, in forum: ASP .Net
    Replies:
    3
    Views:
    5,561
  3. Guest
    Replies:
    1
    Views:
    792
    Guest
    Jun 29, 2004
  4. hennakapoor

    Automatic login a website

    hennakapoor, Jan 19, 2005, in forum: Java
    Replies:
    6
    Views:
    21,334
    chetansehgal
    Apr 1, 2008
  5. BradM
    Replies:
    2
    Views:
    718
    BradM
    May 30, 2007
Loading...

Share This Page