Friday, October 17, 2014

Permanent Login Session in ASP.NET using Forms Authentication

The forms authentication configuration resides in the web.config file. The following configuration-file fragment shows the attributes with their assigned values.
<authentication mode="Forms">
      <forms loginUrl="LogIn.aspx" 
             protection="All"
             timeout="1"
             name=".USERLOGINAUTH"
             path="/"
             requireSSL="false"
             slidingExpiration="true"
             defaultUrl="Default.aspx"
             cookieless="UseDeviceProfile"/>
</authentication>


The properties are described below.

| Property | Description | Default Value |
|---|---|---|
| loginUrl | Points to your application's custom logon page. | |
| protection | Gets or sets the encryption type used to encrypt the cookie. This causes the cookie to be encrypted using the algorithm specified on the machineKey element, and to be signed using the hashing algorithm that is also specified on the machineKey element. | All |
| timeout | Used to specify a limited lifetime for the forms authentication session. The default value is 30 minutes. If a persistent forms authentication cookie is issued, the timeout attribute is also used to set the lifetime of the persistent cookie. | 30 |
| name | Gets or sets the cookie name. | .ASPXAUTH |
| path | Gets or sets the cookie path. | / |
| requireSSL | Gets or sets a value indicating whether a Secure Sockets Layer (SSL) connection is required when transmitting authentication information. If you are concerned about session hijacking, you should consider setting requireSSL to true. | false |
| slidingExpiration | When the SlidingExpiration is set to true, the time interval during which the authentication cookie is valid is reset to the expiration Timeout property value. This happens if the user browses after half of the timeout has expired. For example, if you set an expiration of 20 minutes by using sliding expiration, a user can visit the site at 2:00 PM and receive a cookie that is set to expire at 2:20 PM. The expiration is only updated if the user visits the site after 2:10 PM. If the user visits the site at 2:09 PM, the cookie is not updated because half of the expiration time has not passed. If the user then waits 12 minutes, visiting the site at 2:21 PM, the cookie will be expired. | true |
| defaultUrl | The URL to which to redirect the request after authentication. | default.aspx |
| cookieless | The Cookieless property defines whether forms-based authentication should use a cookie to exchange user information. | UseDeviceProfile |

Create the authentication ticket at login

The code below is used in the login page or control, on the click of the login button. It validates the user's login and then adds a permanent forms authentication ticket to the browser.

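// Current request context (inside a page, Response can be used directly)
HttpContext context = HttpContext.Current;

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
      1,                  // ticket version
      Username,           // name of the authenticated user
      DateTime.Now,       // issue date
      DateTime.MaxValue,  // expiration: the ticket never expires
      true,               // persistent cookie
      Password,           // userData: travels inside the cookie, so a non-secret value is the safer choice
      FormsAuthentication.FormsCookiePath);

// Encrypt the ticket using the machine key for secure transport
string encUserAuthTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encUserAuthTicket); // Encrypted ticket

// Set the cookie's expiration time to the ticket's expiration time
if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;

// Add the cookie to the list for outgoing response
context.Response.Cookies.Add(cookie);

// Framework shortcut: builds the ticket from the <forms> timeout and
// writes a cookie with the same name as the one added above
FormsAuthentication.SetAuthCookie(Username, true);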


FormsAuthentication.SetAuthCookie
This method creates an authentication ticket for the supplied user name and adds it to the cookies collection of the response, or to the URL if you are using cookieless authentication. The first overload of this function has two parameters:

  • userName: The name of the authenticated user
  • createPersistentCookie: True to create a persistent cookie (one that is saved across browser sessions); otherwise, false.

This method adds a cookie, or a persistent cookie, to the browser with the expiration time set in the "timeout" attribute and with the name and path set in the "name" and "path" attributes. The user is automatically logged out once the cookie expires, so the user's login session depends on the expiration of the forms authentication ticket saved in the browser cookie. Here, I will create a permanent user login session using this technique.
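
A variant of the login code above with a bounded lifetime, a non-secret userData value and explicit cookie flags, plus a helper that reads the ticket back; this is an added example, not code from the original post. The LoginCookie class, its Issue and Read methods, the userId parameter and the 30-day lifetime are assumptions chosen for illustration.

```csharp
using System;
using System.Web;
using System.Web.Security;

public static class LoginCookie
{
    // Assumed policy value: how long a "remember me" login stays valid.
    private static readonly TimeSpan Lifetime = TimeSpan.FromDays(30);

    // Call only after the credentials have been verified.
    public static void Issue(HttpContext context, string username, string userId)
    {
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1,                      // ticket version
            username,
            now,                    // issue date
            now.Add(Lifetime),      // bounded expiration instead of DateTime.MaxValue
            true,                   // persistent across browser sessions
            userId,                 // userData: a non-secret identifier, not the password
            FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            Path = FormsAuthentication.FormsCookiePath,
            Expires = ticket.Expiration,
            HttpOnly = true,                          // not readable from client script
            Secure = FormsAuthentication.RequireSSL   // follows requireSSL in web.config
        };
        context.Response.Cookies.Add(cookie);
    }

    // Returns the ticket if the request carries a valid, unexpired one; otherwise null.
    public static FormsAuthenticationTicket Read(HttpContext context)
    {
        HttpCookie cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
        try
        {
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            return (ticket == null || ticket.Expired) ? null : ticket;
        }
        catch (Exception)   // tampered or undecryptable cookie value
        {
            return null;
        }
    }
}
```

With requireSSL="false", as in the configuration fragment above, the Secure flag stays off; setting requireSSL="true" turns it on for this cookie as well.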

Happy coding…

Thursday, February 27, 2014

Setting the Initial Focus for User Control’s Textbox in WPF ModalDialog

Below is the code for setting the focus to a user control's textbox when the control is loaded as a modal dialog in WPF.

public MyUserControl()
{
    InitializeComponent();
    // Set the initial focus to the txtQuantity text box
    FocusManager.SetFocusedElement(this, txtQuantity);
}


Happy coding…