Wednesday, May 1, 2013

SharePoint custom membership provider – remind me functionality

My current project is based on SharePoint site, and I manage my users in custom Database. So for the purpose I created custom membership provider and attached to the Sharepoint site. In addition to the changes, I was requested to create a custom login page.

To login to Sharepoint, after checking password and username, I use the method:
bool res = SPClaimsUtility.AuthenticateFormsUser(this.Page.Request.Url, userEmal, 
However the method does not accept “remember me” flag. I opened the method by reflector and found such lines:
bool isPersisted = !SPSecurityTokenServiceManager.Local.UseSessionCookies;
SPSessionTokenWriteType local_0 = SPSessionTokenWriteType.WriteSessionCookie;
if (isPersisted)
    local_0 = SPSessionTokenWriteType.WritePersistentCookie;
fam.SetPrincipalAndWriteSessionToken(token, local_0);

The enum says that these are temporary cookie files, which are erased when you close your browser. When you restart your browser and go back to the site that created the cookie, the website will not recognize you. You will have to log back in (if login is required) or select your preferences/themes again if the site uses these features. A new session cookie will be generated, which will store your browsing information and will be active until you leave the site and close your browser.


The enum says that these cookie files stay in one of your browser’s subfolders until you delete them manually or your browser deletes them based on the duration period contained within the persistent cookie’s file. Based on the discover, the solution for “remember me” functionality is:
SPSecurityTokenServiceManager.Local.UseSessionCookies = !keepMeLoggedIn.Checked;
bool res = SPClaimsUtility.AuthenticateFormsUser(this.Page.Request.Url, userEmal, password);

The solution add “remid me” functionality to custom log in page.


Yuri Panshin said...

I found a problem to use the method, the functionality change settings of SPSecurityTokenServiceManager, and this is not the best solution.
The best solution is explained on the thread:

However the solution has to be fixed accoding to last Sharepoint updates:
Change reflection line:

typeof(SPFederationAuthenticationModule).GetMethod(“SetPrincipalAndWriteSessionToken”, BindingFlags.Instance |
BindingFlags.InvokeMethod | BindingFlags.NonPublic).Invoke(fam, new object[] { securityToken, sessionCookie });


fam.SetPrincipalAndWriteSessionToken(securityToken, sessionCookie);

Elmo George said...

Greetings! Very useful advice within this post!

It's the little changes that produce the greatest changes. Many thanks for sharing!