How do I implement "remember me" functionality in MVC?
Is it secure to use cookies for this?
Yes, you can use cookies to save "remember me", but unfortunately it is not a secure way to save "remember me" in cookies, as the password will be passed with every request as well as being stored in plain text on the user's machine.
If you are creating a new website, or have created a new MVC website, it is better to select the MVC template when creating it in Visual Studio. The benefit is that you get "remember me" code implemented in a secure way, provided by Microsoft. Here is the Login code that saves Remember Me:
    //
    // POST: /Account/Login
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        // Require the user to have a confirmed email before they can log on.
        // var user = await UserManager.FindByNameAsync(model.Email);
        var user = UserManager.Find(model.Email, model.Password);
        if (user != null)
        {
            if (!await UserManager.IsEmailConfirmedAsync(user.Id))
            {
                string callbackUrl = await SendEmailConfirmationTokenAsync(user.Id, "Confirm your account-Resend");
                // Uncomment to debug locally
                // ViewBag.Link = callbackUrl;
                ViewBag.errorMessage = "You must have a confirmed email to log on. "
                    + "The confirmation token has been resent to your email account.";
                return View("Error");
            }
        }

        // This doesn't count login failures towards account lockout
        // To enable password failures to trigger account lockout, change to shouldLockout: true
        // model.RememberMe is passed as isPersistent: true issues a persistent (remember-me) cookie,
        // false issues a cookie that the browser discards when the session ends.
        var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
        switch (result)
        {
            case SignInStatus.Success:
                return RedirectToLocal(returnUrl);
            case SignInStatus.LockedOut:
                return View("Lockout");
            case SignInStatus.RequiresVerification:
                return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
            case SignInStatus.Failure:
            default:
                ModelState.AddModelError("", "Invalid login attempt.");
                return View(model);
        }
    }
Important line:
var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
OR
Second method: you can try the code below to save the user's login data in a secure way, using a cookie and encrypting it.
    <authentication mode="Forms">
        <forms loginUrl="~/Account/Login" timeout="2880" />
    </authentication>
Your code in the controller:
    using System;
    using System.Web;
    using System.Web.Mvc;
    using System.Web.Security;

    [HttpPost]
    // Considering LoginViewModel is your login model (Email, Password, RememberMe)
    public ActionResult Login(LoginViewModel dto)
    {
        // your authorisation logic here: look the user up and verify the password hash.
        // AuthenticateUser is an assumed helper that returns the user id, or null when the credentials are wrong.
        string userId = AuthenticateUser(dto.Email, dto.Password);
        bool userAuthorised = userId != null;
        if (userAuthorised)
        {
            // create the authentication ticket
            var authTicket = new FormsAuthenticationTicket(
                1,                           // version
                userId,                      // user id
                DateTime.Now,                // issue date
                DateTime.Now.AddMinutes(20), // expiry
                dto.RememberMe,              // true to remember
                "",                          // roles
                "/"                          // cookie path
            );
            // encrypt the ticket and add it to a cookie
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authTicket))
            {
                HttpOnly = true,                        // keep the ticket out of reach of page script
                Secure = FormsAuthentication.RequireSSL // send only over HTTPS when web.config requires it
            };
            if (dto.RememberMe)
            {
                // without an explicit expiry the browser drops the cookie when it closes,
                // so the persistent flag in the ticket alone would not "remember" anything
                cookie.Expires = authTicket.Expiration;
            }
            Response.Cookies.Add(cookie);
            return RedirectToAction("Index");
        }
        ModelState.AddModelError("", "Invalid login attempt.");
        return View(dto);
    }
It should work; let me know if you find any issues, or upvote and mark it as the answer if it helped. Thanks.
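The persistent cookie that PasswordSignInAsync issues when model.RememberMe is true is governed by the cookie middleware, not by the Login action itself. The Startup.Auth.cs fragment below is an added example, not code from the answer above or from Microsoft's template; it assumes the template's ApplicationDbContext, ApplicationUserManager, ApplicationSignInManager, ApplicationUser and GenerateUserIdentityAsync names, and shows the settings that bound how long a remembered login stays valid and make it stop working once the user's password changes.

```csharp
// Startup.Auth.cs (file name assumed from the Visual Studio MVC template)
using System;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // Template helpers (assumed names) that make the managers available per request.
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
        app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),

            // Lifetime of the encrypted ticket. With RememberMe (isPersistent: true) the
            // cookie also gets this as its browser expiry; without it the cookie is
            // discarded when the browser session ends.
            ExpireTimeSpan = TimeSpan.FromDays(14),
            SlidingExpiration = true,

            // Keep the ticket away from page script and off plain HTTP.
            CookieHttpOnly = true,
            CookieSecure = CookieSecureOption.Always,

            Provider = new CookieAuthenticationProvider
            {
                // Re-check the user's SecurityStamp on a timer. Changing the password
                // changes the stamp, so a remembered cookie stops working after at most
                // validateInterval. The template default is 30 minutes; a shorter value
                // narrows the window in which a copied remember-me cookie stays usable.
                OnValidateIdentity = SecurityStampValidator
                    .OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                        validateInterval: TimeSpan.FromMinutes(5),
                        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        });
    }
}
```

The controller's model.RememberMe flag only chooses between a session cookie and a persistent one; the values above decide how long either is honoured and when it is re-validated against the database.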