How to auto-authenticate users via a link when using Forms Authentication and ASP.NET?
Question
My asp.net app uses Forms Authentication which works fine. I want to also be able to create 'magic' links that someone can follow the link and not need to log in. eg if a user visits
http://myapp.com/viewstuff.aspx
then they'll be redirected to login.aspx first, but if they visit
http://myapp.com/viewstuff.aspx?ThingId=1234&Expires=20121004153200&Signature=aksdjfhalsdfydmvbsdkfjhysdk
then it will automatically log them in as a guest account and let them view the requested stuff. I can generate such links and write the logic to check the signature is valid, but I'm not sure where in the ASP.NET lifecycle to put my logic. Any suggestions?
Currently I've put the logic into Application_AuthorizeRequest but it doesn't seem ideal as I need to Redirect() the user once I've authenticated them. I'd prefer to be able to set something so say 'ok, I've authenticated this person and set their identity, let their request continue'.
If anyone has an example of implementing this that would be great.
1 answers
solution1
-1 2012-10-04 14:24:01
Well, sounds like you are on the right track. You will be redirected to your login page if viewstuff.aspx requires authentication, so you will need to put the logic there (in login.aspx.cs) to pull out your query string, pull apart the values and authenticate the user before passing them back to the returnurl.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.