Maintaining state

Hi,

I need to automatically sign in a user into the system the second time he enters my application. I've tried to do that by using cookies as follows:

if (Page.Request.Cookies["token"] != null)

NameValueCollection collection = new NameValueCollection();

collection.Add("stoken", Page.Request.Cookies["token"].Value);

collection.Add("action", "login");

collection.Add("appctx", "SendMessage.aspx");

WindowsLiveAuthLite.WindowsLiveLogin.User user = login.ProcessLogin(collection);

if (user != null)

authenticated = true;

I don't know if this will help you out, but I believe I had that same problem and solved it.

If you are storking the stoken in your own cookie for later use, you have to make sure it is deleted when the user logs out of Windows Live Services.

Otherwise, your site will still have the cookie with the token in it, and that will always create a valid user, because the token is specific to your site. It seems like that token we store should become invalid at some point, but it doesn't, and that's why your able to create a user when the iframe says they need to sign in. I hope I explained it clearly enough.

Also, I didn't imitate the Login Process. You should use ProcessToken(token, context) instead to create the User object.

Thanks. I will try to use ProcessToken instead of creating the user. By the way, should the context string parameter be the same appctx form parameter passed to the Windows Live service

Thanks

I think that the content is the page the user was viewing before signing in... example:

1. The user visits your site
2. He browses to the forums
3. He views a topic and clicks 'Reply' (topic.aspx tid=23452&mode=reply)
4. He is not authenticated and is redirected to login.live(-int).com
5. He logs in, live(-int) returns a token to the handler on your website
6. The handler decrypts the token
7. The handler redirects you to the page specified in the context (topic.aspx tid=23452&mode=reply in this case)

At least, I think that's what the context should do...