2

Ok, so I have implemented a custom ExtendedMembershipProvider for use with an MVC4 application, all of this is wired up and working ok however I have been having an issue with the forms authentication cookie.

I am creating my own cookie which is fine when calling my login process directly however if I use the WebSecurity.Login function I can't seem to control the cookie myself.

So this leads me to my question, WebSecurity.Login takes three parameters (one of which is optional):

public static bool Login(
    string userName,
    string password,
    bool persistCookie (optional)
)

Now this function invokes the ValidateUser function on the ExtendedMembershipProvider which only takes two parameters:

public abstract bool ValidateUser(
    string username,
    string password
)

Where does the persistCookie parameter go? Does WebSecurity.Login handle the cookie generation itself and if so how can I override this?

Any help is much appreciated guys!!

Graham Whitehouse
  • 739
  • 2
  • 7
  • 13

1 Answers1

0

WebSecurity.Login probably executes following code:

static bool Login(string userName, string password, bool persistCookie)
{
    if(System.Web.Security.Membership.Provider.ValidateUser(userName, password))
    {
        System.Web.Security.FormsAuthentication.SetAuthCookie(userName, persistCookie);
        return true;
    }

    return false;
}

If you want to change behavior, change this snippet in accordance with the guidelines from following answer.

Community
  • 1
  • 1
Marius
  • 13
  • 4