I looked at this tutorial, and the solution it provides as an example is not
secure, as it assumes that whoever is using the computer after the logged-in
member is logged in and checks the "Remember Me" checkbox is the same
person, and automatically authenticates that person.
I did a slight modification of this, which I've posted below. This solution
simply remembers the user's UserName, and if "Remember Me" is checked, it
stores the UserName in a cookie, and populates the Login Name TextBox with
the cookie's value, and sets the focus on the Password TextBox. The User
must then type in the Password to log in. In addition, if the "Remember Me"
CheckBox is UNchecked, it will *delete* the cookie that remembers the
UserName.
protected void Page_Load(object sender, EventArgs e)
{
bool cookieExists = (Request.Cookies["authUser"] != null);
Login1.RememberMeSet = cookieExists;
if (cookieExists)
{
HttpCookie cookie = Request.Cookies.Get("authUser");
string authUserName = cookie.Values["authUserName"];
string authPassword = cookie.Values["authToken"];
TextBox txtUserName = (TextBox)Login1.FindControl("UserName");
txtUserName.Text = authUserName;
((TextBox)Login1.FindControl("Password")).Focus();
}
}
protected void Login1_LoggedIn(object sender, EventArgs e)
{
CheckBox rm = (CheckBox)Login1.FindControl("RememberMe");
bool _RememberChecked = rm.Checked;
if (_RememberChecked)
{
HttpCookie authUser = new HttpCookie("authUser");
Response.Cookies.Remove("authUser");
Response.Cookies.Add(authUser);
authUser.Values.Add("authUserName", this.Login1.UserName);
authUser.Values.Add("authToken", this.Login1.Password);
DateTime dtExpiry = DateTime.Now.AddDays(15);
Response.Cookies["authUser"].Expires = dtExpiry;
}
else Response.Cookies["authUser"].Expires = DateTime.Now.AddDays(-10);
}
--
HTH,
Kevin Spencer
Microsoft MVP
Printing Components, Email Components,
FTP Client Classes, Enhanced Data Controls, much more.
DSI PrintManager, Miradyne Component Libraries:
http://www.miradyne.net