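/// <summary>
/// Handles the posted login form: checks the credentials with the Membership provider
/// and, when they validate, issues a hand-built forms-authentication cookie.
/// </summary>
/// <param name="loginView">Posted login form (email, password, "keep me logged in" flag).</param>
/// <returns>
/// A redirect to Home/Index when the credentials validate; otherwise the Login view
/// with a generic model error.
/// </returns>
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginViewModel loginView)
{
    if (ModelState.IsValid)
    {
        if (Membership.ValidateUser(loginView.Email, loginView.Password))
        {
            var user = (CustomMembershipUser)Membership.GetUser(loginView.Email, false);
            if (user != null)
            {
                // Identity and role names are serialized into the ticket's userData.
                // NOTE(review): the role list is frozen at login; if roles are later read back
                // from this cookie (not shown here), a role change would not take effect until
                // the ticket expires, which is up to 12 months with KeepMeLoggedIn.
                CustomPrincipalSerializeModel userSerializeModel = new CustomPrincipalSerializeModel()
                {
                    ID = user.ID,
                    FirstName = user.FirstName,
                    LastName = user.LastName,
                    RoleName = user.Roles.Select(r => r.RoleName).ToList()
                };
                string userData = JsonConvert.SerializeObject(userSerializeModel);

                // 12 months when the user asked to stay logged in, 15 minutes otherwise.
                DateTime expirationDate = loginView.KeepMeLoggedIn
                    ? DateTime.Now.AddMonths(12)
                    : DateTime.Now.AddMinutes(15);

                // NOTE(review): isPersistent (fifth argument) is hard-coded to false and the cookie
                // below is given no Expires, so the browser keeps it only for the session,
                // whatever KeepMeLoggedIn says.
                FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
                    1, user.UserName, DateTime.Now, expirationDate, false, userData);

                // NOTE(review): HttpOnly and Secure are not set on this hand-built cookie, so they
                // depend on whatever defaults the site configuration supplies. Confirm both are on
                // before giving the cookie a long lifetime.
                HttpCookie faCookie = new HttpCookie("CookieFA", FormsAuthentication.Encrypt(authTicket));
                Response.Cookies.Add(faCookie);
            }

            // NOTE(review): also reached when GetUser returned null, i.e. without any cookie issued.
            return RedirectToAction("Index", "Home");
        }
    }

    // One generic message for every failure, so the response does not reveal which field was wrong.
    ModelState.AddModelError("", "Login Error");
    return View("Login");
}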
But even if I set loginView.KeepMeLoggedIn to true (the user should stay logged in for 1 year), the user is logged out when I close the browser and reopen the website.
How do I stay logged in after the browser is closed?
First, set the fifth parameter of the FormsAuthenticationTicket constructor, isPersistent, to true. Then change the cookie code to this:
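// Cookie that carries the encrypted forms-authentication ticket.
var faCookie = new HttpCookie("CookieFA", FormsAuthentication.Encrypt(authTicket))
{
    // The cookie is a bearer credential and may now outlive the browser session,
    // so keep it out of reach of page script.
    HttpOnly = true
};

// A cookie without Expires is discarded when the browser closes. Only a persistent
// ticket gets a cookie lifetime, and it is the ticket's own expiration.
// This guard only reflects the user's choice if the ticket's isPersistent argument
// was built from it (e.g. loginView.KeepMeLoggedIn) rather than a constant.
if (authTicket.IsPersistent)
{
    faCookie.Expires = authTicket.Expiration;
}

Response.Cookies.Add(faCookie);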
If you also want to respect the settings configured in web.config, you can add this additional code (optional):
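// Take the cookie name, path, SSL requirement and domain from the <forms> settings in
// web.config instead of hard-coding them.
// NOTE(review): this renames the cookie from "CookieFA" to the configured name; the code
// that reads the cookie back (not shown here) has to look it up under the same name.
var faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authTicket));
faCookie.Path = FormsAuthentication.FormsCookiePath;

// Keep the ticket out of reach of page script.
faCookie.HttpOnly = true;

// Secure is only forced on when the forms configuration requires SSL. For a long-lived
// "keep me logged in" cookie that setting should be enabled, otherwise the ticket can
// travel over plain HTTP.
if (FormsAuthentication.RequireSSL)
{
    faCookie.Secure = true;
}

// Leave the cookie host-only unless a domain is configured.
if (FormsAuthentication.CookieDomain != null)
{
    faCookie.Domain = FormsAuthentication.CookieDomain;
}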
...
I use FormsAuthenticationTicket to log users in this way:
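/// <summary>
/// Login form handler. Validates the posted credentials against the Membership provider
/// and, on success, writes an encrypted FormsAuthenticationTicket into the "CookieFA" cookie.
/// </summary>
/// <param name="loginView">The posted form: email, password and the KeepMeLoggedIn flag.</param>
/// <returns>
/// Redirect to Home/Index after a successful credential check; the Login view with a
/// generic error in every other case.
/// </returns>
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginViewModel loginView)
{
    if (ModelState.IsValid)
    {
        if (Membership.ValidateUser(loginView.Email, loginView.Password))
        {
            var user = (CustomMembershipUser)Membership.GetUser(loginView.Email, false);
            if (user != null)
            {
                // Snapshot of the user's identity and role names, carried as the ticket's userData.
                // NOTE(review): a snapshot taken at login stays as issued for the ticket lifetime
                // (up to 12 months below). If authorization relies on these roles (the reading side
                // is not shown), revoking a role will not affect an already issued ticket.
                CustomPrincipalSerializeModel userSerializeModel = new CustomPrincipalSerializeModel()
                {
                    ID = user.ID,
                    FirstName = user.FirstName,
                    LastName = user.LastName,
                    RoleName = user.Roles.Select(r => r.RoleName).ToList()
                };
                string userData = JsonConvert.SerializeObject(userSerializeModel);

                // Ticket lifetime: 12 months with KeepMeLoggedIn, 15 minutes without.
                DateTime expirationDate = loginView.KeepMeLoggedIn
                    ? DateTime.Now.AddMonths(12)
                    : DateTime.Now.AddMinutes(15);

                // NOTE(review): the ticket is created non-persistent (fifth argument false) and the
                // cookie is added without an Expires value, which makes it a session cookie: it is
                // gone when the browser closes even though the ticket itself is valid for longer.
                FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
                    1, user.UserName, DateTime.Now, expirationDate, false, userData);

                // NOTE(review): neither HttpOnly nor Secure is set explicitly here; verify that the
                // site configuration turns both on for this cookie.
                HttpCookie faCookie = new HttpCookie("CookieFA", FormsAuthentication.Encrypt(authTicket));
                Response.Cookies.Add(faCookie);
            }

            // NOTE(review): the redirect happens even if GetUser returned null and no cookie was set.
            return RedirectToAction("Index", "Home");
        }
    }

    // Same generic error for invalid model state and for rejected credentials.
    ModelState.AddModelError("", "Login Error");
    return View("Login");
}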
But even if loginView.KeepMeLoggedIn is set to true (the user should remain logged in for 1 year), the user is logged out when I close the browser and reopen the website.
How do I stay logged in after I close the browser?
First, you need to set the fifth parameter of the FormsAuthenticationTicket constructor, isPersistent, to true.
Then I would change the cookie code to this:
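// Wrap the encrypted ticket in the authentication cookie.
var faCookie = new HttpCookie("CookieFA", FormsAuthentication.Encrypt(authTicket));

// This cookie authenticates the user and may now persist on disk, so do not expose it
// to client-side script.
faCookie.HttpOnly = true;

// Without Expires the browser treats the cookie as session-only. Give it the ticket's
// expiration when, and only when, the ticket was issued as persistent. The ticket's
// isPersistent argument should therefore follow the user's choice
// (e.g. loginView.KeepMeLoggedIn), not a fixed value.
if (authTicket.IsPersistent)
{
    faCookie.Expires = authTicket.Expiration;
}

Response.Cookies.Add(faCookie);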
If you also want to respect the settings configured in web.config, you can add this extra code (optional):
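// Use the <forms> configuration from web.config for the cookie's name, path, SSL
// requirement and domain rather than literals in code.
// NOTE(review): the cookie is no longer called "CookieFA" after this change; whatever
// reads it on later requests (not shown here) must use FormsAuthentication.FormsCookieName too.
var faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authTicket));
faCookie.Path = FormsAuthentication.FormsCookiePath;

// Not readable from script in the page.
faCookie.HttpOnly = true;

// Secure follows the forms configuration. With a persistent, long-lived ticket the
// configuration should require SSL so the cookie is never sent over plain HTTP.
if (FormsAuthentication.RequireSSL)
{
    faCookie.Secure = true;
}

// Only widen the cookie beyond the issuing host when a domain is configured.
if (FormsAuthentication.CookieDomain != null)
{
    faCookie.Domain = FormsAuthentication.CookieDomain;
}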
...