LogIn Control's Remember Me checkbox would not authenticate user when checked

Question

I have set the cookies in my web.config . .

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login.aspx" timeout="360" requireSSL="false" cookieless="UseCookies" name=".Mordevayne" slidingExpiration="true"/>
</authentication>

as well as machinekey.

   <machineKey validationKey="80B18E7CF458B1F8A7C91E656AA89CD49904C693C5F2A90926C43E970A2B0350E7B76507BB8F1F99597F595DD64D2934A2A8B192A013E9EFA8C79046931AB6EA"
decryptionKey="3B35B60055DB752582304CB98E3B560BE39BC063BB9AF8C50F4A58DC3D612472"
validation="SHA1" decryption="AES"/>

. . But the user is not authenticated whenever the Remember Me checkbox is checked when I uploaded it in a hosting site; But when ran in localhost, tt works fine. I wonder why?

By the way here is my log-in code:

Private Sub myLogin_Authenticate(ByVal sender As Object, ByVal e As 
System.Web.UI.WebControls.AuthenticateEventArgs) Handles myLogin.Authenticate

If Membership.ValidateUser(myLogin.UserName, myLogin.Password.Trim) Then

        Dim conString = ConfigurationManager.ConnectionStrings("ApplicationServices")
        Dim strConnString As String = conString.ConnectionString
        Dim loginswitch As Int16 = 0
        Dim loginswitch2 As Int16 = 0
        'check first if banned
        Dim con7 As SqlConnection = New SqlConnection(strConnString)
        Dim query7 As String = "SELECT * from xBanUsers WHERE username=@username"
        Dim cmd7 As SqlCommand = New SqlCommand(query7, con7)
        cmd7.Parameters.AddWithValue("@username", myLogin.UserName)
        con7.Open()
        Dim rd7 As SqlDataReader = cmd7.ExecuteReader
        rd7.Read()
        If rd7("isBanned") = "yes" Then
            'then check if banEnd is over
            Dim banEnd As DateTime = rd7("banEnd")
            If banEnd > DateTime.Now Then
                Session("banDetails") = "You have been banned by <font color='red'><b>" + rd7("punisher") + "</b></font> from <i>" + rd7("dateBanned") + "</i> up to <i>" + rd7("banEnd") + "</i>.<br/><br/>"
                Session("banDetails") += "<b>Ban Reason</b>: " + rd7("banReason") + ".<br/><br />"
                Session("banDetails") += "<b>Additional Details</b>:<br/>" + rd7("banNote")
                Response.Redirect("/BanReason.aspx")
            Else
                loginswitch2 = 1
            End If

        ElseIf rd7("isBanned") = "no" Then
            loginswitch = 1
        End If
        rd7.Close()
        con7.Close()

        'read addminutes         
        Dim conInterval As SqlConnection = New SqlConnection(strConnString)
        Dim queryInterval = "SELECT * FROM settime"
        Dim cmdInterval = New SqlCommand(queryInterval, conInterval)
        conInterval.Open()
        Dim rdInterval As SqlDataReader = cmdInterval.ExecuteReader
        rdInterval.Read()
        Dim addminutes As Integer = rdInterval("addminutes")
        rdInterval.Close()
        conInterval.Close()

        'proceed log in
        If loginswitch = 1 Or loginswitch2 = 1 Then
            'MsgBox(loginswitch2)
            Dim con As SqlConnection = New SqlConnection(strConnString)
            con.Open()
            Dim query As String = "INSERT INTO loginusers(username,date,time,month,year,datetime,day,IPAddress) VALUES(@usernameX,@dateX,@timeX,@monthX,@yearX,@datetimeX,@dayX,@IPAddress)"
            Dim cmd As SqlCommand = New SqlCommand(query, con)
            cmd.Parameters.AddWithValue("@usernameX", myLogin.UserName)
            Dim xxap As DateTime = DateTime.Now()
            xxap = xxap.AddMinutes(addminutes)
            cmd.Parameters.AddWithValue("@dateX", xxap.ToString("MM/dd/yyyy"))
            cmd.Parameters.AddWithValue("@timeX", xxap.ToString("HH:mm:ss"))
            cmd.Parameters.AddWithValue("@monthX", xxap.ToString("MM"))
            cmd.Parameters.AddWithValue("@yearX", xxap.ToString("yyyy"))
            cmd.Parameters.AddWithValue("@datetimeX", xxap.ToString("MM/dd/yyyy HH:mm:ss"))
            cmd.Parameters.AddWithValue("@dayX", xxap.ToString("dd"))
            Dim strHostName As String = System.Net.Dns.GetHostName()
            Dim clientIPAddress As String = System.Net.Dns.GetHostAddresses(strHostName).GetValue(0).ToString()
            cmd.Parameters.AddWithValue("@IPAddress", clientIPAddress)
            cmd.ExecuteNonQuery()
            con.Close()
            e.Authenticated = True
        End If


    Else
        e.Authenticated = False
    End If


End Sub

Where is your code setting the authentication cookie? also consider using requireSSL="true" — MikeSmithDev, Nov 15 '12 at 04:25
I'm just a student and I'm not using SSL because I'm just using a free hosting site. — Sargireh, Nov 15 '12 at 04:35

score 0 · Answer 1 · edited May 23 '17 at 12:27

0

When ever user check the check box the password is saved in a cookie. The next time when it comes back it is authenticated by the cookies which is all ready there in the browsers memory.
In your case it may be the problem with the cookies. Are you specifying the time of cookies or what?

Here is one question which may help you How does ASP.Net Cookieless work ?

edited May 23 '17 at 12:27

Community

1
1

answered Nov 15 '12 at 04:30

शेखर

17,412
13
61
117

I did specify it in my web.config – Sargireh Nov 15 '12 at 04:38
Do you mean this one? – Sargireh Nov 15 '12 at 04:52

LogIn Control's Remember Me checkbox would not authenticate user when checked

1 Answers1