Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
jhermiz
3564 Posts |
 Posted - 2004-09-16 : 17:03:55
|
I asked this before and I still haven't found much luck on implementing a "Remember My Password" feature in this web app.I finally got my login screen, got functions to register (become a user), and even retreiving forgotten passwords. But none of these involved cookies (mmmmm). Now I still have this last portion of this login screen which is the remember my password.Some details:vb.net / asp.netusing sql 2k backenduser names and passwords are stored in a table on our sql serverim not using the <credentials> tag in the web.config file to list users. So I want to implement this Remember Me which when the user makes a request to the site he / she is auto logged in to the main site rather than logging in. I don't know how to do this though...I've googled it and found examples on cookies and what not but no real explanations or good working code.Can someone pretty pretty please get me going Jonwww.web-impulse.comCan you dig it: http://www.thecenturoncompany.com/jhermiz/blog/ |
|
|
timmy
Master Smack Fu Yak Hacker
1242 Posts |
Posted - 2004-09-16 : 19:19:29
|
| The only effective way you can implement a 'remember me' is to use cookies. You can maintain sessions without using cookies, but the user still needs to log in first. Some sites (Amazon are a good example) use URL-rewriting instead of cookies to maintain session state. |
 |
|
|
Merkin
Funky Drop Bear Fearing SQL Dude!
4970 Posts |
Posted - 2004-09-16 : 20:39:39
|
| Hi JonI saw your question the other day but had a lot going on...Are you using ASP.NET's Forms Authentication module ? If so, it's fairly easy...If you call FormsAuthentication.RedirectFromLoginPage to set the username in an encrypted cookie, place a "true" as the second parameter, i.e. FormsAuthentication.RedirectFromLoginPage(username, true) and the cookie will persist across browser sessions.Damian |
|
|
|
jhermiz
3564 Posts |
Posted - 2004-09-17 : 08:26:47
|
| Hi Damian,Thank you for responding...I guess to answer your question I thought I was but I'm not quite certain. My user names and passwords are stored in a table. Is it possible that this would mean I am using Forms authentication ?Sorry for being a bit clueless on this, I will admit I'm trying to learn and I definately don't know it :).I know I read you can set credentials in the web.config file but I did not want to store user names and passwords in this file.Jonwww.web-impulse.comCan you dig it: http://www.thecenturoncompany.com/jhermiz/blog/ |
|
|
|
jhermiz
3564 Posts |
Posted - 2004-09-17 : 08:33:13
|
quote:
Originally posted by Merkin
Hi JonI saw your question the other day but had a lot going on...Are you using ASP.NET's Forms Authentication module ? If so, it's fairly easy...If you call FormsAuthentication.RedirectFromLoginPage to set the username in an encrypted cookie, place a "true" as the second parameter, i.e. FormsAuthentication.RedirectFromLoginPage(username, true) and the cookie will persist across browser sessions.Damian
Damian,Another question I had was does this mean upon next login they can auto login without entering user name and passwords ?Where do I find this cookie or what is the cookie name?Jonwww.web-impulse.comCan you dig it: http://www.thecenturoncompany.com/jhermiz/blog/ |
|
|
|
jhermiz
3564 Posts |
Posted - 2004-09-17 : 08:37:08
|
If it helps here is my vb.net code portion:<%@ Page Language="VB" %><%@ import Namespace="System.Data" %><%@ import Namespace="System.Data.SqlClient" %><script runat="server"> Sub Page_Load End Sub Sub Button_Click( s As Object, e As EventArgs ) lblMessage.Text = "" If IsValid Then If DBAuthenticate( txtUsername.Text, txtPassword.Text ) > 0 Then FormsAuthentication.RedirectFromLoginPage( txtUsername.Text, False ) End If End If End Sub Function DBAuthenticate( strUsername As String, strPassword As String ) As Integer Dim conMyData As SqlConnection Dim cmdSelect As SqlCommand Dim parmReturnValue As SqlParameter Dim intResult As Integer 'try and make a connection Try conMyData = New SqlConnection( ConfigurationSettings.AppSettings("strConn") ) cmdSelect = New SqlCommand( "DBAuthenticate", conMyData ) cmdSelect.CommandType = CommandType.StoredProcedure parmReturnValue = cmdSelect.Parameters.Add( "RETURN_VALUE", SqlDbType.Int ) parmReturnValue.Direction = ParameterDirection.ReturnValue cmdSelect.Parameters.Add( "@username", strUsername ) cmdSelect.Parameters.Add( "@password", strPassword ) conMyData.Open() cmdSelect.ExecuteNonQuery() intResult = cmdSelect.Parameters( "RETURN_VALUE" ).Value 'catch any exceptions that might be thrown Catch e as Exception Response.Write("An Error Occurred: " & e.toString()) 'clean up and close resources Finally conMyData.Close() End Try If intResult < 0 Then If intResult = -1 Then lblMessage.Text = "Username Not Registered!" Else lblMessage.Text = "Invalid Password!" End If End If Return intResult End Function</script>And here is the HTML:<html><head><title>IMS - Issues Management System</title><script language="javascript"><!--function popUp(URL) {day = new Date();id = day.getTime();eval("page" + id + " = window.open(URL, '" + id + "', 'toolbar=0,scrollbars=1,location=0,statusbar=0,menubar=0,resizable=0,width=300,height=510,left=10,top=20');");}--></script></head><body> <table cellspacing="0" cellpadding="10" width="100%" bgcolor="#ffffff" border="0"> <tbody> <tr> <td> </td> </tr> </tbody> </table> <table height="50%" cellspacing="0" cellpadding="0" width="100%" align="center" bgcolor="#ffffff" border="0"> <tbody> <tr> <td> <table cellspacing="0" cellpadding="0" width="70%" align="center" bgcolor="#ffffff" border="0"> <tbody> <tr> <td> <table cellspacing="1" cellpadding="4" width="50%" align="center" border="1"> <tbody> <tr> <td width="100%" bgcolor="#003466"> <div align="center"><font face="Arial, Helvetica, sans-serif" color="#ffffff" size="2"><b>Issues Management System (IMS) </b></font> </div> </td> </tr> <tr> <td align="right" bgcolor="#ffffff"> <object codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0" height="54" width="84" align="top" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"> <param name="_cx" value="2223" /> <param name="_cy" value="1429" /> <param name="FlashVars" value="" /> <param name="Movie" value="/flash/ims.swf" /> <param name="Src" value="/flash/ims.swf" /> <param name="WMode" value="Window" /> <param name="Play" value="-1" /> <param name="Loop" value="-1" /> <param name="Quality" value="High" /> <param name="SAlign" value="" /> <param name="Menu" value="-1" /> <param name="Base" value="" /> <param name="AllowScriptAccess" value="always" /> <param name="Scale" value="ShowAll" /> <param name="DeviceFont" value="0" /> <param name="EmbedMovie" value="0" /> <param name="BGColor" value="" /> <param name="SWRemote" value="" /> <param name="MovieData" value="" /> <param name="SeamlessTabbing" value="1" /> <embed src="/flash/ims.swf" width="84" height="54" align="top" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash"></embed> </object> </td> </tr> <tr> <td width="100%" bgcolor="#f1f1f1" height="267"> <font face="verdana, arial, helvetica" size="2"> <table cellspacing="1" cellpadding="4" align="center" bgcolor="#003466" border="0"> <form runat="Server"> <h2><font face="Arial, Helvetica, sans-serif">Please Login:</font> </h2> <font face="Arial, Helvetica, sans-serif"> <asp:Label id="lblMessage" Runat="Server" Font-Bold="True" ForeColor="Red"></asp:Label> </font> <p> </p> <tbody> <tr valign="top"> <td align="right" bgcolor="#dfdfdf"> <font face="Arial, Helvetica, sans-serif" size="2"><b>User Name:</b></font></td> <td bgcolor="#dfdfdf"> <font face="verdana, arial, helvetica" size="2"> <asp:TextBox id="txtUsername" Runat="Server"></asp:TextBox></font> <font face="Arial, Helvetica, sans-serif" size="2"> <asp:RequiredFieldValidator id="RequiredFieldValidator1" Runat="Server" Text="Required!" ControlToValidate="txtUsername"></asp:RequiredFieldValidator> </font></td> </tr> <tr valign="top"> <td align="right" bgcolor="#f1f1f1"> <font face="Arial, Helvetica, sans-serif" size="2"><b>Password:</b></font></td> <td bgcolor="#f1f1f1"> <font face="verdana, arial, helvetica" size="2"> <asp:TextBox id="txtPassword" Runat="Server" TextMode="password"></asp:TextBox></font> <font face="Arial, Helvetica, sans-serif" size="2"> <asp:RequiredFieldValidator id="RequiredFieldValidator2" Runat="Server" Text="Required!" ControlToValidate="txtPassword"></asp:RequiredFieldValidator> </font></td> </tr> <tr> <td align="right" bgcolor="#dfdfdf"> </td> <td align="right" bgcolor="#dfdfdf"> <font face="Arial, Helvetica, sans-serif" size="2"> <asp:CheckBox id="chkRemember" runat="server" Text="Remember Me"></asp:CheckBox> </font> <asp:Button id="Button1" onclick="Button_Click" Runat="Server" Text="Login!"></asp:Button> </td> </tr> <tr valign="top"> <td align="left" bgcolor="#f1f1f1"> <font face="Arial, Helvetica, sans-serif" size="2"> <a href="javascript: popUp('forgotpwd.aspx');">Forget Your Password ?</a> </font></td> <td align="right" bgcolor="#f1f1f1"> <font face="Arial, Helvetica, sans-serif" size="2"> <a href="register.aspx">New IMS User ?</a> </font></td> </tr> </tbody> </form> </table> </font></td> </tr> <tr> <td align="right"> <a href="http://www.thyssenkrupp.com" target="_blank"><img src="/images/krause.gif" border="0" /></a></td> </tr> </tbody> </table> </td> </tr> </tbody> </table> </td> </tr> </tbody> </table></body></html>The html is prolly not as important...but does the vb.net portion give you any idea as to how I did this ?Jonwww.web-impulse.comCan you dig it: http://www.thecenturoncompany.com/jhermiz/blog/ |
|
|
|
Merkin
Funky Drop Bear Fearing SQL Dude!
4970 Posts |
Posted - 2004-09-17 : 21:26:04
|
| In your code, you have this line :FormsAuthentication.RedirectFromLoginPage( txtUsername.Text, False )If you change the False to True, it will set the cookie to not expire. Read up on that method in the .NET docs, they can explain it much better than I can.Damian |
|
|
|
jhermiz
3564 Posts |
Posted - 2004-09-18 : 12:33:54
|
| Thanks Damian,I think I understand it now..BTW I am using forms authentication.My next question is after that line you had posted...and the user clicks login. Where does this cookie get stored, on the local machine ? Finally after he / she clicks login I noticed the page gets redirected exactly back to the same page. How do I redirect the userto the correct page after they click login and they are a valid user?Thanks again D,JonPS I Hit 1000, can I get the name: Prickulator ?Jonwww.web-impulse.comCan you dig it: http://www.thecenturoncompany.com/jhermiz/blog/ |
|
|
|
Merkin
Funky Drop Bear Fearing SQL Dude!
4970 Posts |
Posted - 2004-09-18 : 12:43:28
|
The cookie gets stored on the clients browser.If you add the attribute trace="true" to the <@Page directive of your aspx page you can see the value of all the cookies for a request.The way the forms auth module works is that when a user requests a page that requires a login, they are bounced to the login page. On successful login, you bounce them back to the page they originally wanted. There are some other options if you want to do something tricky, read up on the FormsAuthentication module.Congrats on 1000 posts! I'll do something about it after I get some sleep (it's 3am  )Damian |
|
|
|
jhermiz
3564 Posts |
Posted - 2004-09-20 : 09:43:00
|
quote:
Originally posted by Merkin
The cookie gets stored on the clients browser.If you add the attribute trace="true" to the <@Page directive of your aspx page you can see the value of all the cookies for a request.The way the forms auth module works is that when a user requests a page that requires a login, they are bounced to the login page. On successful login, you bounce them back to the page they originally wanted. There are some other options if you want to do something tricky, read up on the FormsAuthentication module.Congrats on 1000 posts! I'll do something about it after I get some sleep (it's 3am )Damian
Hi Damian,Thank You for the information..I have read it and it seems to make a lot of sense however, I am not getting the expected results. For instance I followed the example on http://www.asp.net/Tutorials/quickstart.aspxshows a section for forms based authentication. http://www.dotnetjunkies.com/QuickStart/aspplus/samples/security/cookieauth/vb/login.aspx?ReturnUrl=%2fquickstart%2faspplus%2fsamples%2fsecurity%2fCookieAuth%2fVB%2fdefault.aspxWhen I login it redirects me to a default.aspx page. BUt I look at the code and do not see how they accomplish that. All they do is call: Sub Login_Click(Src As Object, E As EventArgs) ' authenticate user: this samples accepts only one user with ' a name of someone@www.contoso.com and a password of 'password' If UserEmail.Value = "someone@www.contoso.com" And UserPass.Value = "password" FormsAuthentication.RedirectFromLoginPage(UserEmail.Value, PersistCookie.Checked) Else Msg.Text = "Invalid Credentials: Please try again" End IfThe FormsAuthentication.RedirectFromLoginPage, which is what I do but theres takes them to a new page. Mine when I login and provide correct credentials bounces me back to the same login page.Any idea ?Jonwww.web-impulse.comCan you dig it: http://www.thecenturoncompany.com/jhermiz/blog/ |
|
|
|
jhermiz
3564 Posts |
Posted - 2004-09-20 : 13:13:54
|
| Thanks got itJonwww.web-impulse.comCan you dig it: http://www.thecenturoncompany.com/jhermiz/blog/ |
|
|
|
|
|
|
|
|
cookie monster