Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

RememberMe with DotNetOpenId in ASP.NET MVC

Tags:

asp.net-mvc

openid

dotnetopenauth

Using DotNetOpenAuth 3 in ASP.NET MVC and implementing a RememberMe facility ...

I'm finding that even if I set createPersistentCookie to true in FormsAuthentication.RedirectFromLoginPage and FormsAuthentication.SetAuthCookie the user is not remembered once the ASP.NET session times out.

If I inspect the cookie I find it is marked as persistent and does have an expiry date way in the future, I assume because I set my web.config FORMS timeout to a few years away. Anyhow, if the user closes the browser and re-opens it they are remembered correctly - as long as the ASP session hasn't timed out.

An older post of Scott Hanselmann's makes me wonder if it is because FormsAuthentication tries to renew the authentication ticket and maybe in an OpenId model that doesn't work but I have set FORMS SlidingExpiration="false" in web.config and anyway I thought that forcing a persistent cookie would make that stuff irrelevant.

I'm also wondering why the DotNetOpenId MVC sample doesn't include a RememberMe checkbox - maybe there's something tricky about it?

On the other hand, here at StackOverflow I see I am automatically remembered across sessions. Wondering whether they used something other than DotNetOpenId to do their OpenId authentication.

Anybody else done RememberMe successfully with DotNetOpenId in ASP.NET MVC? Any tricks?

[Update]

Thanks for trying to help, Andrew. Turns out this was not about DotNetOpenId.

I gather, after reading this, that my hosting provider is probably recycling the app pool regularly and that's causing the authentication ticket encryption to be done with a new machine key.

As per the preceding linked article I added the following under System.Web in my Web.Config and it resolved the issue:

<machineKey
    validationKey="(generated a new key to place here)"     
    decryptionKey="(generated a new key to place here)"
    validation="SHA1"
    decryption="AES" />
like image 221
Martin Avatar asked Apr 20 '09 13:04

Martin

1 Answers

Does the cookie name match in your web.config file and your controller's call to FormsAuthentication.SetAuthCookie? This may be a bug in the DNOI sample, but I suspect if you have a cookie name in your web.config file (as the DNOI sample does), then you probably have to set the cookie name as the third parameter to SetAuthCookie or RedirectFromLoginPage. Otherwise, forms auth doesn't recognize the persistent cookie you set as the login cookie.

like image 114
Andrew Arnott Avatar answered Oct 15 '22 10:10

Andrew Arnott
Sign in to Comment

Related questions

Actual Debug Symbols for ASP.NET MVC 2 Release Version
Advice on POCO Validation with ASP.NET MVC/Entity Framework
Custom IPrincipal with Forms Authentication in ASP.NET MVC
How to limit bandwidth and allow multiple downloads when downloading a file?
Create new parent and child on the same page
What can Entity Framework Migrations do that FluentMigrator cannot?
ASP.NET WEB API 2 Works Locally But Not On Production Web Server
Microsoft.Web.Administration assembly error on azure
ASP.NET MVC with Async Action
What are the pros and cons of Areas implemented as single projects vs multiple projects in asp.net mvc
Where to store AES key?
Change default ASP.NET Identity Two-factor remember Cookie Expire Time
MVC or Web API transfer byte[] the most efficient approach
asp.net - image keywords missing after uploading image to server
How to make WebAPI actions accessible only from my app?
WebAPI + Forms Authentication + SimpleMembershipProvider using WindowsIdentity when it shouldn't
How do I stream a video file using ASP.NET MVC?
Can ASP.NET MVC + EF scaffolding be used after implementing EntityTypeConfiguration classes?
Shared projects and resource files
ASP.NET MVC renders html tags & attributes in lowercase

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!