automatic site login...

[Jim]

I have an asp.net site and I want to provide automatic login when a user
returns to my site, similar to amazon.com.

Currently my site authenticates the user and generates a token when the user
has been validated, this token is unique per login and is valid unitl the
user logouts or their session has timed out.

How would I achieve automatic login? Do I have to store the username and
password in the cookie?

please advise....

Cheers in advance

Earth Worm Jim

[Fredrik Normén NSQUARED]

You can store the user information into a cookie.
But remember to recreate the value of the cookie, because
if someone grabs the cookie, they can use it to login. Do
not save passwords in the cookie. I should create a
encrypted key and recreate this key every 10 minutes.
This key could also be stored in a service or data base,
so when a user want access to a site, the key is
retrieved from the cookie and verified against the
services or data base.

You can also take a look at Forms authentication in
ASP.Net.

/Fredrik Normén NSQUARED2

>-----Original Message-----
>I have an asp.net site and I want to provide automatic

login when a user

>returns to my site, similar to amazon.com.
>
>Currently my site authenticates the user and generates a

token when the user

>has been validated, this token is unique per login and

is valid unitl the

>user logouts or their session has timed out.
>
>How would I achieve automatic login? Do I have to store

the username and

>password in the cookie?
>
>please advise....
>
>Cheers in advance
>
>Earth Worm Jim
>
>
>
>
>
>.
>

[-=Chris=-]

I was minding my own business when Jim blurted out:

> I have an asp.net site and I want to provide automatic login when a user
> returns to my site, similar to amazon.com.
>
> Currently my site authenticates the user and generates a token when the

user

> has been validated, this token is unique per login and is valid unitl the
> user logouts or their session has timed out.
>
> How would I achieve automatic login? Do I have to store the username and
> password in the cookie?
>
> please advise....
>
> Cheers in advance
>
> Earth Worm Jim

At what point is the token invalidated? Can you just persist the token and
store the token itself in a cookie?


--
Insert corny line here

[Jim]

thanks for the answer, but the answer is not really acceptable.....

FYI

I use Active Directory behind a web service to validate my users, thus not
having to have a database to store my user accounts on a machine, and I DO
NOT want to start creating tables in a database that relate to user security
settings and user logon status.

cheers

Jim






"Fredrik Normén NSQUARED" <fnormen@hotmail.com> wrote in message
news:1d5c01c38299$c802f4f0$a101280a@phx.gbl...
You can store the user information into a cookie.
But remember to recreate the value of the cookie, because
if someone grabs the cookie, they can use it to login. Do
not save passwords in the cookie. I should create a
encrypted key and recreate this key every 10 minutes.
This key could also be stored in a service or data base,
so when a user want access to a site, the key is
retrieved from the cookie and verified against the
services or data base.

You can also take a look at Forms authentication in
ASP.Net.

/Fredrik Normén NSQUARED2

>-----Original Message-----
>I have an asp.net site and I want to provide automatic

login when a user

>returns to my site, similar to amazon.com.
>
>Currently my site authenticates the user and generates a

token when the user

>has been validated, this token is unique per login and

is valid unitl the

>user logouts or their session has timed out.
>
>How would I achieve automatic login? Do I have to store

the username and

>password in the cookie?
>
>please advise....
>
>Cheers in advance
>
>Earth Worm Jim
>
>
>
>
>
>.
>