How to get is session IsPersistent on ASP.NET MVC?

Question

I have ASP.NET MVC 5.0 project using ASP.NET Identity. When user log in i use this function to track user by system.

SignInManager.SignIn(user,IsPersistent,false)

In user profile i have ability to change UserName, after that i need automatically to relogin user to stay user tracking. I logout user and use this function to login, but where i can get IsPersistent property of current session?

I can store IsPersistent in User table on database after each login, but I think this is not the best solution.

Why don't you store the IsPersistent in a session and get the value back from session when you are re-logging the user. — Mohammad Ajmal Amirzad, Jun 18 '18 at 23:49
@AjmalAmirzad good idia. If i login in session i can set seesion variable as selected value, but if there is autologin i need to check it and set sessiоn value isPersistant = true. You can pass it as answer if you wish. — Dmitrij Polyanin, Jun 20 '18 at 15:32

score 1 · Accepted Answer · answered Jun 21 '18 at 11:05

I have changed the Login code in AccountController's Login action to meet your requirements. I have commented out ASP.NET Identity default login mechanism.

Now what this code will do is that it will first find the user and then check if the entered password matches with the user's password. Once the password is matched, it would add a fake claim to the user to store the persistent state and sign in the user.

[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    SignInStatus result = SignInStatus.Failure;

    var user = UserManager.FindByEmail(model.Email);
    if (user != null)
    {
        var isPasswordOk = UserManager.CheckPassword(user, model.Password);
        if (isPasswordOk)
        {
            user.Claims.Add(new IdentityUserClaim() { ClaimType = "IsPersistent", ClaimValue = model.RememberMe.ToString() });
            await SignInManager.SignInAsync(user, model.RememberMe, false);

            result = SignInStatus.Success;
        }
    }

    // This doesn't count login failures towards account lockout
    // To enable password failures to trigger account lockout, change to shouldLockout: true
    //var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);

    switch (result)
    {
        case SignInStatus.Success:
            return RedirectToLocal(returnUrl);

        case SignInStatus.LockedOut:
            return View("Lockout");

        case SignInStatus.RequiresVerification:
            return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });

        case SignInStatus.Failure:
        default:
            ModelState.AddModelError("", "Invalid login attempt.");
            return View(model);
    }
}

Once the user is logged in through, you can check if a user is persistent using below code.

if (User.Identity.IsAuthenticated)
{
    Claim claim = ((ClaimsIdentity)User.Identity).FindFirst("IsPersistent");
    bool IsPersistent = claim != null ? Convert.ToBoolean(claim.Value) : false;
}

I hope this solves your problem.

But if this information is in claims how it will work on different divices. If on one computer i make permanent login and on other temporary? — Dmitrij Polyanin, Jun 23 '18 at 09:43
@DmitrijPolyanin I couldn’t get your question. A separate session is generated for every login on a different device/browser so logging into one device/browser with permanent login will keep the login permanent and logging on a different device with a temporary login will expire the session as you close the browser. — Mohammad Ajmal Amirzad, Jun 23 '18 at 16:10
I stored it in Claims instead of session because i wanted this to be available for the whole life of the login period. — Mohammad Ajmal Amirzad, Jun 24 '18 at 04:59

score 0 · Answer 2 · answered Dec 13 '18 at 19:43

To get the value of IsPersistent, call AuthenticateAsync:

@using Microsoft.AspNet.Identity;

var authenticateResult = await HttpContext.GetOwinContext()
                               .Authentication.AuthenticateAsync(
                                   DefaultAuthenticationTypes.ApplicationCookie
                               );
var isPersistent = authenticateResult.Properties.IsPersistent; //// true or false

How to get is session IsPersistent on ASP.NET MVC?

2 Answers2

Linked