Best practice: Asp.net WebApp requires user authentication - what to do during development to avoid logging on again and again?

Question

When I develop an ASP.Net webapp, it almost always requires some kind of authentication - ie. the user must log in for stuff to work.

But when I am developing it, I don't want to have to log in every time I make a change to some code.

So right now for instance, I have a codeblock in my login.aspx, that automatically authenticates me as a certain userId - and redirects me back to the requested page.

I have a few other ideas that are more elegant for handling development vs. live - but I would like to hear how you handle the same situation.

Answer 1

I'm always lazy and just write some code to test for localhost.

Answer 2

I use Firefox for my client but have the debugger start up IE. I login with Firefox and when I start/stop the debugger, my Firefox client stays logged in. Only rarely do I have to actually login again -- typically when I've left it long enough that the session expires. I find that I can tolerate it and I don't introduce any code that may, in turn, introduce security problems to handle login differently in DEV.

Answer 3

You could alter your cookie implementation based on a debug build versus a production build. Keep your cookies persistent and you should be ok.

Answer 4

You could actually tackle the problem completely differently: Use unit tests tests to exercise small bits of your code. As unit tests run automatically (once started), you will save the time for logging in & navigating to the right page.

You will of course still have to do some end-to-end testing by logging in the regular way, but in my experience, if your unit tests all succeed, the probability of errors in the end-to-end test is much lower, hence much less restarts.

I've used this extensively when developing applications where triggering the functionality under development required a lot of clicking, and found it a great timesaver.

The suggestions in the other posts will of course still be helpful for the cases where you still need to run the app the normal way.

Answer 5

A technique I've sometimes used is to define a list of development machine names in a config file setting. The machine name is then compared at runtime to the list. If its in the list, then we can execute some special code to make development & debugging a little less tedious for everyone.