I'm using forms authentication on a site. When the user logs in via the
login page, the entered creds are checked against AD, and if valid, an
encrypted forms authentication ticket is produced and stored in the forms
auth cookie (and written to the client), using this code:
_______________ _____
'create the forms auth ticket
objAuthTicket = New FormsAuthentica tionTicket(1, txtUsername.Tex t, _
DateTime.Now, DateTime.Now.Ad dMinutes(8), False, _
"Data string I want to keep in the Ticket .UserData property")
'encrypt it
strEncryptedTic ket = FormsAuthentica tion.Encrypt(ob jAuthTicket)
'stick it in the forms auth cookie
objAuthCookie = New HttpCookie(Form sAuthentication .FormsCookieNam e, _
strEncryptedTic ket)
'place the cookie on the client
Response.Cookie s.Add(objAuthCo okie)
_______________ _____
If I immediately retreive the cookie using this code:
_______________ _____
'pick up the cookie from the client
objAuthCookie = Request.Cookies (FormsAuthentic ation.FormsCook ieName)
'decrypt/extract the ticket object from the cookie
objAuthTicket = FormsAuthentica tion.Decrypt(ob jAuthCookie.Val ue)
_______________ _____
....and examine the objAuthTicket.U serData, it contains the expected result:
"Data string I want to keep in the Ticket .UserData property"
However in Global.asax, in the Application_Aut henticateReques t event (which
is whre I need to read this ticket data for impersonation & security
purposes), I retreive the cookie (if it exists), decrypt the cookie.Value
into a ticket object using the exact same code as before:
_______________ _____
'pick up the cookie
objAuthCookie = Request.Cookies (FormsAuthentic ation.FormsCook ieName)
'decrypt/extract the ticket object from the cookie
objAuthTicket = FormsAuthentica tion.Decrypt(ob jAuthCookie.Val ue)
_______________ _____
....and examine the objAuthTicket.U serdata, it now contains an unexpected
result:
""
Nothing. The issue date, expiration date, name, isPersistant, all other
aspects of the ticket have correct values, but the userData is now
nullstring. Does anyone have any ideas as to why that is? The login button
click handler and the Application_Aut henticateReques t event are the only 2
places I'm ever touching the cookie in the entire app. 1 6372
"e" <e@e.com> wrote in message news:G_******** ************@sp eakeasy.net... I'm using forms authentication on a site. When the user logs in via the login page, the entered creds are checked against AD, and if valid, an encrypted forms authentication ticket is produced and stored in the forms auth cookie (and written to the client), using this code: _______________ _____
'create the forms auth ticket
objAuthTicket = New FormsAuthentica tionTicket(1, txtUsername.Tex t, _ DateTime.Now, DateTime.Now.Ad dMinutes(8), False, _ "Data string I want to keep in the Ticket .UserData property")
'encrypt it
strEncryptedTic ket = FormsAuthentica tion.Encrypt(ob jAuthTicket)
'stick it in the forms auth cookie
objAuthCookie = New HttpCookie(Form sAuthentication .FormsCookieNam e, _ strEncryptedTic ket)
'place the cookie on the client
Response.Cookie s.Add(objAuthCo okie) _______________ _____
If I immediately retreive the cookie using this code: _______________ _____
'pick up the cookie from the client
objAuthCookie = Request.Cookies (FormsAuthentic ation.FormsCook ieName)
'decrypt/extract the ticket object from the cookie
objAuthTicket = FormsAuthentica tion.Decrypt(ob jAuthCookie.Val ue) _______________ _____
...and examine the objAuthTicket.U serData, it contains the expected
result: "Data string I want to keep in the Ticket .UserData property"
However in Global.asax, in the Application_Aut henticateReques t event
(which is whre I need to read this ticket data for impersonation & security purposes), I retreive the cookie (if it exists), decrypt the cookie.Value into a ticket object using the exact same code as before: _______________ _____
'pick up the cookie
objAuthCookie = Request.Cookies (FormsAuthentic ation.FormsCook ieName)
'decrypt/extract the ticket object from the cookie
objAuthTicket = FormsAuthentica tion.Decrypt(ob jAuthCookie.Val ue) _______________ _____
...and examine the objAuthTicket.U serdata, it now contains an unexpected result:
""
Nothing. The issue date, expiration date, name, isPersistant, all other aspects of the ticket have correct values, but the userData is now nullstring. Does anyone have any ideas as to why that is? The login
button click handler and the Application_Aut henticateReques t event are the only 2 places I'm ever touching the cookie in the entire app.
I don't know why your code doesn't work, but in my code, I use the
FormsAuthentica tionTicket directly:
if (!Request.IsAut henticated) return;
FormsIdentity fi = (FormsIdentity) User.Identity;
FormsAuthentica tionTicket ticket = fi.Ticket;
// You can now use ticket.UserData
--
John This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: bill yeager |
last post by:
Everything is working in my authentication process except
for the fact that I can't retrieve the "UserData" property
from the "FormsAuthenticationTicket".
Write before I do a "RedirectFromLoginPage", I check
the "UserData" property of
the "FormsAuthenticationTicket". It's set to the
value "Admin" (a role for the user) which is what I want.
Here is the code:
|
by: VB Programmer |
last post by:
PLEASE HELP....
I'm having trouble. In my login form after I've verified the
username/password are valid I do this:
Select Case iMyPrivilege
Case 0
Dim arrRoles() As String = {"guest"}
Context.User = New
System.Security.Principal.GenericPrincipal(User.Identity, arrRoles)
Case 1
|
by: Martin |
last post by:
Dear fellow ASP.NET programmer,
I stared using forms authentication and temporarily used a <credentials> tag
in web.config. After I got it working I realized this wasn't really
practical. I cannot write to web.config so I cannot dynamically update the
credentials while the site is up. Since the
FormsAuthentication.Authenticate() method's documentations claims the
following:
"Attempts to validate the credentials against those contained...
|
by: Kenneth Keeley |
last post by:
Hi,
I have a web app that has forms authentication and I can login to the
page the first time I go there but it never times me out if I come back in
24 hours a hit the refresh key the page loads and I am still logged in. My
session details are gone but I am still logged.
These are the settings I am using are they right or do I need to change
them?
<system.web>
<authentication mode="Forms">
|
by: Mike |
last post by:
I have a web application that the forms authentication cookie is not expiring correctly. When I look at the trace information of a newly requested page after the session and forms authentication have expired the forms authentication cookie is assigned a new value. I am never redirected to the login page after my initial login. If I access the site from http://localhost/myapp instead of myapp.domain.com the cookies expire correctly. The cookie...
| |
by: Trevor Andrew |
last post by:
Hi There,
Hopefully this isn't too difficult a question to express here. I have a 3
tier application.
1. Presentation Tier: ASP.NET web application. 2. Middle Tier: ASP.NET Web
Services that invoke COM based API for a third party product. 3. Data Tier: A
SQL Server database that I can only access via the API.
The user authentication for the web application is actually done via a call
|
by: Sean Patterson |
last post by:
Hey all,
I've followed the examples online on how to use Forms Authentication to
create a ticket, assign it a role, and then intercept it in the
Global.asax file to make sure it gets sucked in to the IPrincipal. This
has worked on some other apps, but my code isn't working in my new one
for some reason. Here's my CreateCredentials code:
Private Sub CreateCredentials(ByVal UserID As String, ByVal UserRole As
String)
|
by: chuck rudolph |
last post by:
Folks, Can anyone confirm that my understading is correct and maybe shed some
light on why it's as it is. (I'm guessing security, but that seems weak to
me.)
The asp.net web application is using forms authentication.
If I create an FormsAuthTicket with userdata in the approprite place. Then
encode it and create a cookie, add it to the response.cookie collection and
use it all is well.
|
by: =?Utf-8?B?SGFyZHkgV2FuZw==?= |
last post by:
Hi all,
I am running ASP.NET 2.0, after login I need to pass CustomerID in my
database instead of username to other pages. I added following code to my
login.aspx
protected void Login_Authenticate(object sender, AuthenticateEventArgs e) {
//FormsAuthentication.SignOut();
if (Membership.ValidateUser(Login.UserName, Login.Password)) {
int customerID = GetCustomerIDByUsername(Login.UserName);
if (customerID 0) {
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |