I have a register page where the user is assigned to a role as follows once the user clicks on the submit button:
MembershipUser oMU;
if (!(Roles.RoleExists("Stream")))
{
Roles.CreateRole("Stream");
}
oMU = Membership.CreateUser(txtUserName.Text.Trim(), txtPassword.Text.Trim(), txtEmail.Text.Trim());
Membership.UpdateUser(oMU);
Roles.AddUserToRole(oMU.UserName, "Stream");
When the user goes to a login screen, I have the following:
When the user logs in, I need to make sure that they indeed are part of that role:
if (User.IsInRole("Stream"))
{
}
But it never goes into the User.IsInRole block. What do I need to do in order to have the user who registered be part of the Role such that it works with User.IsInRole?
Note that I have a folder as such so I need them to be part of the Streaming Role:
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<deny users="*" />
<allow roles="Stream" />
</authorization>
</system.web>
</configuration>
Move <allow roles="Stream" /> above <deny users="*" />. Otherwise, all users will be denied.
<configuration>
<system.web>
<authorization>
<allow roles="Stream" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
Make sure you have membership and roleManager in web.config.
Here is the sample -
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<clear/>
<add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="XXXXXSqlConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="XXXXX"/>
</providers>
</membership>
<roleManager enabled="true" cacheRolesInCookie="false" defaultProvider="DefaultRoleProvider">
<providers>
<clear/>
<add name="DefaultRoleProvider" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="XXXXXSqlConnection" applicationName="XXXXX"/>
</providers>
</roleManager>
Try using HttpContext to get current login user:
if (HttpContext.Current.User.IsInRole("Stream"))
{
}
Related
I have a website folder on my local machine. I have already used aspnet_regsql.exe on the SQL Server hosted on windows server. I have to deploy this website to a different server (on IIS).
When I use Visual Studio on my local machine to create roles, so that I can deploy it afterwards. But I am getting the below error,
Line 44: public static bool ValidLogin(string username, string password)
Line 45: {
Line 46: return Membership.ValidateUser(username, password);
Line 47: }
Line 48:
My connection string is:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<connectionStrings>
<add name="UBCATDB" connectionString="Data Source=\sqlexpress;Initial Catalog=UB_CAT;" providerName="System.Data.SqlClient" />
<add name="UBCATEntities" connectionString="metadata=res://*/App_Code.UBCATDB.csdl|res://*/App_Code.UBCATDB.ssdl|res://*/App_Code.UBCATDB.msl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=\sqlexpress;Initial Catalog=UB_CAT;Persist Security Info=True;MultipleActiveResultSets=True&quot;" providerName="System.Data.EntityClient" />
</connectionStrings>
<system.web>
<identity impersonate="true" />
<authorization>
<allow roles="Administrator" />
<allow users="ubcat" />
</authorization>
<customErrors mode="Off"></customErrors>
<authentication mode="Forms">
<forms name="UBCATSqlAuthCookie" loginUrl="~/Account/Login.aspx"
timeout="60" />
</authentication>
<sessionState timeout="60" />
<membership defaultProvider="UBCATSqlMembershipProvider" userIsOnlineTimeWindow="60">
<providers>
<clear />
<add name="UBCATSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="UBCATDB" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="UBCAT" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="UBCATSqlRoleProvider" cookieTimeout="60">
<providers>
<clear />
<add connectionStringName="UBCATDB" applicationName="UBCAT" name="UBCATSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" />
</providers>
</roleManager>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Data.Entity.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</assemblies>
<buildProviders>
<add extension=".edmx" type="System.Data.Entity.Design.AspNet.EntityDesignerBuildProvider" />
</buildProviders>
</compilation>
</system.web>
</configuration>
I have an ASP.NET/C# application that is using Windows authentication. I'm trying to control permission based on what AD users belong in but I can't seem to get it to work through the web.config.
I also added some code in the code behind and it's even acting strange:
if (Roles.IsUserInRole("STP Admin"))
{
int j = 1;
}
if (User.IsInRole(@"DOMAINNAME\STP Admin"))
{
int i = 1;
}
The first if block does not work; however, the second one does. So I believe this tells me the application can/is communicating with AD.
Here is my web.config that is where I'd like the code to go and it is not working for granting permissions. It will deny me access to the paths even though I am in those groups, proven by code above.
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<configSections>
<section name="loggingConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.LoggingSettings, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<section name="dataConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Data.Configuration.DatabaseSettings, Microsoft.Practices.EnterpriseLibrary.Data, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</configSections>
<loggingConfiguration name="Logging Application Block" tracingEnabled="true" defaultCategory="General" logWarningsWhenNoCategoriesMatch="true">
<listeners>
<add databaseInstanceName="STPDB" writeLogStoredProcName="WriteAuditLog" addCategoryStoredProcName="AddAuditCategory" formatter="Custom Audit Database Formatter" listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Database.Configuration.FormattedDatabaseTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging.Database, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" traceOutputOptions="None" filter="All" type="Microsoft.Practices.EnterpriseLibrary.Logging.Database.FormattedDatabaseTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging.Database, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Database Trace Listener"/>
<add source="Enterprise Library Logging" formatter="Text Formatter" log="Application" machineName="" listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.FormattedEventLogTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" traceOutputOptions="None" filter="All" type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.FormattedEventLogTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Formatted EventLog TraceListener"/>
</listeners>
<formatters>
<add template="{dictionary({key} - {value})}" type="Microsoft.Practices.EnterpriseLibrary.Logging.Formatters.TextFormatter, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Custom Audit Database Formatter"/>
<add template="Timestamp: {timestamp}
Message: {message}
Category: {category}
Priority: {priority}
EventId: {eventid}
Severity: {severity}
Title:{title}
Machine: {machine}
Application Domain: {appDomain}
Process Id: {processId}
Process Name: {processName}
Win32 Thread Id: {win32ThreadId}
Thread Name: {threadName}
Extended Properties: {dictionary({key} - {value}
)}" type="Microsoft.Practices.EnterpriseLibrary.Logging.Formatters.TextFormatter, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="Text Formatter"/>
</formatters>
<categorySources>
<add switchValue="All" name="Audit">
<listeners>
<add name="Database Trace Listener"/>
</listeners>
</add>
<add switchValue="All" name="General">
<listeners>
<add name="Formatted EventLog TraceListener"/>
</listeners>
</add>
</categorySources>
<specialSources>
<allEvents switchValue="All" name="All Events"/>
<notProcessed switchValue="All" name="Unprocessed Category">
<listeners>
<add name="Formatted EventLog TraceListener"/>
</listeners>
</notProcessed>
<errors switchValue="All" name="Logging Errors &amp; Warnings">
<listeners>
<add name="Formatted EventLog TraceListener"/>
</listeners>
</errors>
</specialSources>
</loggingConfiguration>
<connectionStrings>
<add name="STPDB" connectionString="Data Source=server\;Initial Catalog=DB;user id=usr;pwd=pass;Integrated Security=False" providerName="System.Data.SqlClient"/>
</connectionStrings>
<appSettings>
<add key="FromEmailAddress" value="stp1@company.com"/>
<add key="TrainingWarning" value="*Note: Training not being recorded for Medical, ..."/>
<add key="PrivacyMessage" value="This Information System Is Subject To The Privacy Act Of 1974"/>
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<securityPolicy>
<trustLevel name="Full" policyFile="internal"/>
</securityPolicy>
<authentication mode="Windows"/>
<authorization>
<deny users="?"/>
<allow roles="DOMAIN\STP Training"/>
<allow roles="DOMAIN\STP Personnel"/>
<allow roles="DOMAIN\STP Admin"/>
<allow users="*"/>
</authorization>
<identity impersonate="true"/>
<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
<providers>
<clear/>
<add name="AspNetActiveDirectoryMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider,
System.Web, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
<providers>
<add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider"/>
</providers>
</roleManager>
<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
<providers>
<add name="XmlSiteMapProvider" type="System.Web.XmlSiteMapProvider" siteMapFile="Web.sitemap" securityTrimmingEnabled="true"/>
</providers>
</siteMap>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
</providers>
</profile>
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
-->
<customErrors mode="RemoteOnly" redirectMode="ResponseRewrite" defaultRedirect="~/ErrorPage.aspx">
</customErrors>
</system.web>
<location path="\TrainingSec">
<system.web>
<authorization>
<allow roles="STP Training"/>
<allow roles="STP Admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="\Manage">
<system.web>
<authorization>
<allow roles="STP Training"/>
<deny users="*"/>
<allow roles="Sentry Admin"/>
</authorization>
</system.web>
</location>
<location path="\Admin">
<system.web>
<authorization>
<allow roles="STP Admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<system.net>
<mailSettings>
<smtp deliveryMethod="Network" from="STP@Company.com">
<network defaultCredentials="false" host="11.111.11.11" port="25"/>
</smtp>
</mailSettings>
</system.net>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<defaultDocument>
<files>
<clear />
<add value="Dashboard.aspx"/>
</files>
</defaultDocument>
</system.webServer>
</configuration>
You seem to have forgotten the domain part:
<location path="\TrainingSec">
<system.web>
<authorization>
<allow roles="DOMAIN\STP Training"/>
<allow roles="DOMAIN\STP Admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
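The two points made in the answers so far (rules are evaluated top to bottom with the first match winning, and Windows groups must be named as `DOMAIN\group`), as an added Python example that is not part of any post on this page. It models `<authorization>` evaluation with exact, case-insensitive name matching as a simplifying assumption; the sample blocks are constructed from the configs quoted above and the principals are made up.

```python
import xml.etree.ElementTree as ET

# Constructed samples: <authorization> blocks taken from the configs quoted on this page.
QUESTION = '<authorization><deny users="*"/><allow roles="Stream"/></authorization>'
ANSWER = '<authorization><allow roles="Stream"/><deny users="*"/></authorization>'
MANAGE = ('<authorization><allow roles="STP Training"/><deny users="*"/>'
          '<allow roles="Sentry Admin"/></authorization>')
ADMIN_BARE = '<authorization><allow roles="STP Admin"/><deny users="*"/></authorization>'
ADMIN_QUALIFIED = r'<authorization><allow roles="DOMAIN\STP Admin"/><deny users="*"/></authorization>'


def _names(value):
    """Split a comma-separated users/roles attribute into a lower-cased set."""
    return {part.strip().lower() for part in value.split(",") if part.strip()}


def parse_rules(authorization_xml):
    """Return [(action, users, roles)] in document order; the verbs attribute is ignored."""
    rules = []
    for element in ET.fromstring(authorization_xml):
        if element.tag in ("allow", "deny"):
            rules.append((element.tag, _names(element.get("users", "")),
                          _names(element.get("roles", ""))))
    return rules


def rule_matches(rule, user, roles):
    """user=None means an anonymous request ('?'); '*' matches every request."""
    _, rule_users, rule_roles = rule
    if "*" in rule_users:
        return True
    if user is None:
        return "?" in rule_users
    # Assumption: names compare as exact, case-insensitive strings, so a bare
    # group name never matches a role reported as DOMAIN\group.
    return user.lower() in rule_users or bool(rule_roles & {r.lower() for r in roles})


def evaluate(rules, user, roles=()):
    """First matching rule wins; 'inherit' means the parent configuration decides."""
    for rule in rules:
        if rule_matches(rule, user, roles):
            return rule[0]
    return "inherit"


def unreachable(rules):
    """Rules listed after a catch-all users rule can never be evaluated."""
    for index, (_, rule_users, _) in enumerate(rules):
        if "*" in rule_users:
            return rules[index + 1:]
    return []


if __name__ == "__main__":
    member = ("alice", ["Stream"])  # constructed principal
    print("question order:", evaluate(parse_rules(QUESTION), *member))
    print("answer order:  ", evaluate(parse_rules(ANSWER), *member))
    print("dead rules in Manage:", unreachable(parse_rules(MANAGE)))
    admin = ("bob", [r"DOMAIN\STP Admin"])  # constructed principal
    print("bare group name:     ", evaluate(parse_rules(ADMIN_BARE), *admin))
    print("qualified group name:", evaluate(parse_rules(ADMIN_QUALIFIED), *admin))
```

Running `unreachable` over every `<authorization>` block in a web.config is a quick review check: any rule it returns, such as the `Sentry Admin` allow in the `\Manage` location, has no effect.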
I have an HTML landing page for my ASP.NET website; however, I cannot get it to display. It always goes to the login.
What can I set in web.config to fix this?
I have tried
<authentication mode="Forms">
<forms defaultUrl="index.html" loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
<location path="index.html">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<defaultDocument>
<files>
<clear />
<add value="index.html" />
</files>
</defaultDocument>
All with no luck. Please help
Thanks in advance
Here is my full web.config
<configuration>
<connectionStrings>
<!--<add name="ApplicationServices" connectionString="Data Source=.\sqlexpress;Initial Catalog=ArctixDb;Integrated Security=SSPI;"/>-->
<add name="ApplicationServices" connectionString="" />
<add name="ArctixDbEntities" connectionString="" />
</connectionStrings>
<system.web>
<customErrors mode="Off" />
<httpHandlers>
<add path="Reserved.ReportViewerWebControl.axd" verb="*" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
validate="false" />
</httpHandlers>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="Microsoft.ReportViewer.Common, Version=10.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="Microsoft.Build.Framework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
</assemblies>
<buildProviders>
<add extension=".rdlc" type="Microsoft.Reporting.RdlBuildProvider, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</buildProviders>
</compilation>
<authentication mode="Forms">
<forms defaultUrl="index.html" loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<location allowOverride="true">
<appSettings>
<add key="SMTPServer" value="" />
<add key="SMTPServerPort" value="25" />
<add key="SMTPServerSSL" value="false" />
<add key="SMTPUsername" value="" />
<add key="SMTPPassword" value="" />
<add key="SystemEmailAddress" value="" />
<add key="SystemEmailAddressName" value="" />
</appSettings>
</location>
<location path="Styles">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<location path="Account">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<location path="images">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<location path="index.html">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<defaultDocument>
<files>
<clear />
<add value="index.html" />
</files>
</defaultDocument>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<add name="ReportViewerWebControlHandler" preCondition="integratedMode" verb="*" path="Reserved.ReportViewerWebControl.axd" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</handlers>
</system.webServer>
</configuration>
I eventually just set my login page to the landing page
Can you structure your site as follows?
Allow the root directory / styles / etc to permit anonymous access
Add a 'secure' directory with its own web.config, specifying forms authentication
Anything outside 'secure' will be accessible.
Please help with one issue.
I have Membership configured with IIS7, tables for it located in my own database, created with aspnet_regsql utility, and I am using custom connection string to access it.
This is part of web.config related to Membership :
<connectionStrings>
<add connectionString="Server=CORESERVER\SQLExpress;Database=Shop;User ID=Tema;Password=Matrix" name="CustomSqlConnection" />
</connectionStrings>
<profile enabled="true">
<providers>
<add name="CustomSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="CustomSqlConnection" />
</providers>
</profile>
<roleManager defaultProvider="AspNetSqlRoleProvider" enabled="true">
<providers>
<add name="CustomSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="CustomSqlConnection" />
</providers>
</roleManager>
<membership defaultProvider="CustomSqlMemberProvider">
<providers>
<add name="CustomSqlMemberProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="CustomSqlConnection" enablePasswordReset="true" enablePasswordRetrieval="false" passwordFormat="Hashed" requiresQuestionAndAnswer="true" requiresUniqueEmail="true" applicationName="/" maxInvalidPasswordAttempts="10" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
</providers>
</membership>
<authentication mode="Forms">
<forms cookieless="UseCookies" loginUrl="login.aspx" name="WebShopAuthentication" protection="All" timeout="30" path="/" requireSSL="false" defaultUrl="~/admin/default.aspx" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
And ... Forms authorization, getting user and his membership info is OK.
But ... getting roles is always FALSE.
MembershipUser userData = Membership.GetUser(HttpContext.Current.User.Identity.Name); // OK !!! IT IS GREAT :)
var a = new RolePrincipal(HttpContext.Current.User.Identity);
var aa = a.GetRoles(); // {string[0]} - EMPTY!!!
var b = Roles.IsUserInRole("Administrator", "Administrator"); // FALSE!!!
var c = Roles.Providers["CustomSqlRoleProvider"].GetAllRoles(); // {string[0]} - EMPTY!!!
var d = Roles.IsUserInRole(HttpContext.Current.User.Identity.Name, "Administrator"); // FALSE!!!
var e = HttpContext.Current.User.IsInRole("Administrator"); // FALSE !!!
WHYYYY???
What am I doing wrong???
Just to refine ... authorization works fine and uses roles correctly. Another part of my web.config :
<location path="Admin">
<system.web>
<pages styleSheetTheme="Admin" theme="Admin">
</pages>
<authorization>
<deny users="?" />
<allow roles="Administrator" />
</authorization>
</system.web>
<appSettings>
<add key="ThemeName" value="Admin" />
</appSettings>
</location>
And then in code is used :
Membership.ValidateUser(userName.Text, userPassword.Text) // AND IT WORKS - USER IS LOGGED IN
The answer is that I didn't add the applicationName parameter to web.config correctly - after adding it I should restart IIS and, if needed, recreate roles.
This is final version of web.config :
<roleManager defaultProvider="CustomSqlRoleProvider" enabled="true">
<providers>
<add name="CustomSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="CustomSqlConnection" applicationName="/" />
</providers>
</roleManager>
I have some problems with getting my website to log out the authenticated user automatically when the session ends (the user closes the browser).
This is what I have in my web.config:
<authentication mode="Forms">
<forms name="AuthCookie" protection="All" loginUrl="~/default.aspx" path="/" cookieless="UseCookies" timeout="2592000"/>
</authentication>
<authorization>
<allow users="?" />
</authorization>
<membership defaultProvider="ASPPGSqlMembershipProvider" userIsOnlineTimeWindow="20">
<providers>
<clear />
<add name="AspNetSqlMemberShipProvider" applicationName="umbraco4" type="System.Web.Security.SqlMembershipProvider" connectionStringName="UmbracoDb" requiresUniqueEmail="true" enablePasswordReset="true" enablePasswordRetrieval="false"/>
<add name="UsersMembershipProvider" applicationName="umbraco4" type="umbraco.providers.UsersMembershipProvider" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" />
<add name="ASPPGSqlMembershipProvider" applicationName="umbraco4"
passwordStrengthRegularExpression="" minRequiredPasswordLength="4" minRequiredNonalphanumericCharacters="0"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="true"
forumUpfileFolderPath="D:\www\files"
type="ASPPG.MembershipProviders.ASPPGSqlMembershipProvider, ASPPGSiteIntegrationPackage"/>
</providers>
</membership>
This is how I log in the user:
if (Membership.ValidateUser(txtUserName.Text, txtPasssword.Text)) {
HttpCookie cookie = FormsAuthentication.GetAuthCookie(txtUserName.Text, false);
cookie.Expires = DateTime.Now.AddDays(1);
cookie.Domain = ConfigurationManager.AppSettings["Level2DomainName"];
HttpContext.Current.Response.Cookies.Add(cookie);
Response.Redirect(Request.Url.ToString());
}
When I close the browser, the user is still logged in. How do I make the website forget the user through an option, so the user himself can decide if the website should remember or not?
Thanks in advance :)
M
Have you tried NOT setting the cookie.Expires or at least setting it to DateTime.MinValue for users that don't want to be 'remembered'?
From MSDN:
Setting the Expires property to MinValue makes this a session Cookie, which is its default value.