Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What does FormsAuthentication.SetAuthCookie do

Tags:

I'm using A createuserwizard control. On the CreatedUser Event I placed this code to add the user to a role.

    protected void RegisterUser_CreatedUser(object sender, EventArgs e)
    {
        FormsAuthentication.SetAuthCookie(RegisterUser.UserName, false /* createPersistentCookie */);


        if (!Roles.IsUserInRole("Test"))
        {
            var User= Membership.GetUser();
            Roles.AddUserToRole(User.UserName, "Test");
        }

        string continueUrl = RegisterUser.ContinueDestinationPageUrl;

        if (String.IsNullOrEmpty(continueUrl))
        {
            continueUrl = "~/";
        }
        Response.Redirect(continueUrl);
    }

I would also like to know what FormsAuthentication.SetAuthCookie(RegisterUser.UserName, false /* createPersistentCookie */); means and what it's used for and why Membership.GetUser() is null.

like image 622
David Avatar asked Aug 20 '11 20:08

David


2 Answers

Do you have LoginCreatedUser="false" or DisableCreatedUser="true" on your CreateUserWizard?

Those will prevent the user from being logged in immediately, and cause Membership.GetUser() to return null, because the user isn't currently logged in.

If you want the user to be logged in immediately, set neither or both LoginCreatedUser="true" and DisableCreatedUser="false" on your CreateUserWizard. That should get your current code working.

FormsAuthentication.SetAuthCookie() sets a browser cookie to initiate the user's session. It's what keeps the user logged in each time a page is posted to the server. createPersistentCookie creates a persistent cookie that doesn't expire when the browser is closed, so the user can return to the site and be logged in automatically. It should be based on whether the user checked the "Remember me" checkbox on your Login form. It isn't available on the CreateUserWizard form by default, but you can add a checkbox for it in your template, if you like.

If you don't want to have the user logged in automatically, remove the FormsAuthentication.SetAuthCookie() line from your code, and set the CreateUserWizard properties appropriately. If you want to approve users before they can log in, set DisableCreatedUser="true". That will prevent them from logging in until you set the user IsApproved=true from either the .Net Users module in the IIS Manager, or you own custom web page to approve users.

You can still set add the user to the appropriate role when the user is created without needing to log them in:

if (!Roles.IsUserInRole(RegisterUser.UserName, "Test"))
{  
    Roles.AddUserToRole(RegisterUser.UserName, "Test");
}
like image 78
nekno Avatar answered Oct 28 '22 07:10

nekno


After you create the user, you want them to be logged in right away, correct? If thats the case, you drop the auth cookie that is used by asp.net to determine if the user is authenticated (different than authorized). The "false" means that its not persistent (equivalent to "Remember me?" option on log-on form.

As to why your user is NULL, I would suggest placing a breakpoint right before that GetUser call and querying your user data store to see if its really there.

like image 21
Juan Ayala Avatar answered Oct 28 '22 08:10

Juan Ayala