473,747 Members | 2,508 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

FormsAuthentica tion Cookie

A web.config file has the following code:

<configuratio n>
<system.web>
<authenticati on mode="Forms">
<forms name="NETConnec tCookie" loginUrl="Login .aspx">
<credentials passwordFormat= "SHA1"/>
</forms>
</authentication>
</system.web>

<location path=".">
<system.web>
<authorizatio n>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>

Assuming that the local m/c does not have the cookie named
NETConnectCooki e, the above code ensures that if a user tries to
navigate to any ASPX files in the directory that the above web.config
file exists in, then the user will be first redirected to Login.aspx.
Assume that the directory in which the above web.config file exists has
a ASPX file named Products.aspx.

When a user tries to navigate to Products.aspx without logging in,
web.config directs him to Login.aspx. Assume that a user with the
username bobby is a valid user (which I am validating against a SQL
Server 2005 DB table). This is how I tried it (this is the code in
Login.aspx which communicates with web.config when the user directly
tries to navigate to Products.aspx without logging in):

<script runat="server">
Sub LoginUser(ByVal obj As Object, ByVal ea As EventArgs)
..........
..........
'user has been validated; so take him to Products.aspx
FormsAuthentica tion.RedirectFr omLoginPage(txt UserName.Text,
True)
Response.Cookie s("NETConnectCo okie")("UserNam e") =
txtUserName.Tex t
End Sub
</script>

This does create the persistent cookie named NETConnectCooki e which
when opened, also shows the text 'UserName=bobby ' but the user doesn't
get redirected to Products.aspx though he has been logged in
successfully. In fact, the user remains at Login.aspx with the URL
getting appended by the querystring 'ReturnUrl=Prod ucts.aspx'. Why
isn't the user getting redirected to Products.aspx after successfully
logging in? Note that if I remove the Response.Cookie s line in
Login.aspx, then the user gets redirected to Products.aspx after
logging in.

There's another problem. Next suppose the user closes the browser
window which he had used to log in. He opens a new browser window &
navigates to Products.aspx. Under such circumstances, I want to show
him a welcome message with his username in Products.aspx without taking
him to Login.aspx since the cookie NETConnectCooki e is a persistent
cookie but the user still gets redirected to Login.aspx. Why? This is
the code in Products.aspx:

<script runat="server">
Sub Page_Load(ByVal obj As Object, ByVal ea As EventArgs)
Response.Write( "Welcome " &
Request.Cookies ("NETConnectCoo kie")("UserName "))
End Sub
</script>

If I change the name of the cookie to, say, 'Details', in Login.aspx
i.e.

Response.Cookie s("Details")("U serName") = txtUserName.Tex t

& make the corresponding change in Products.aspx, then after
successfully logging in Login.aspx, the user is taken to Products.aspx
which shows the message

Welcome bobby

But when the user closes this window, opens a new browser window &
navigates to Products.aspx, then, as expected, the user is not taken to
Login.aspx but Products.aspx generates this error:

Object reference not set to an instance of an object.

pointing to the Response.Write line in Products.aspx! When I open the
cookie from the Temporary Internet Files folder, this time the cookie
doesn't show the text 'UserName=bobby '! Why?

What's the difference between a normal cookie & a cookie created by the
FormsAuthentica tion object?

Sep 27 '06 #1
2 2707
storing in cookies etc is taken care by asp.net .
dont add it explicitly.
but if you want to make it persistent.
as u had said use another cookie with diff name to make it persistent
--
Y2KPRABU, MCP, INDIA
WEB APPS
"rn**@rediffmai l.com" wrote:
A web.config file has the following code:

<configuratio n>
<system.web>
<authenticati on mode="Forms">
<forms name="NETConnec tCookie" loginUrl="Login .aspx">
<credentials passwordFormat= "SHA1"/>
</forms>
</authentication>
</system.web>

<location path=".">
<system.web>
<authorizatio n>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>

Assuming that the local m/c does not have the cookie named
NETConnectCooki e, the above code ensures that if a user tries to
navigate to any ASPX files in the directory that the above web.config
file exists in, then the user will be first redirected to Login.aspx.
Assume that the directory in which the above web.config file exists has
a ASPX file named Products.aspx.

When a user tries to navigate to Products.aspx without logging in,
web.config directs him to Login.aspx. Assume that a user with the
username bobby is a valid user (which I am validating against a SQL
Server 2005 DB table). This is how I tried it (this is the code in
Login.aspx which communicates with web.config when the user directly
tries to navigate to Products.aspx without logging in):

<script runat="server">
Sub LoginUser(ByVal obj As Object, ByVal ea As EventArgs)
..........
..........
'user has been validated; so take him to Products.aspx
FormsAuthentica tion.RedirectFr omLoginPage(txt UserName.Text,
True)
Response.Cookie s("NETConnectCo okie")("UserNam e") =
txtUserName.Tex t
End Sub
</script>

This does create the persistent cookie named NETConnectCooki e which
when opened, also shows the text 'UserName=bobby ' but the user doesn't
get redirected to Products.aspx though he has been logged in
successfully. In fact, the user remains at Login.aspx with the URL
getting appended by the querystring 'ReturnUrl=Prod ucts.aspx'. Why
isn't the user getting redirected to Products.aspx after successfully
logging in? Note that if I remove the Response.Cookie s line in
Login.aspx, then the user gets redirected to Products.aspx after
logging in.

There's another problem. Next suppose the user closes the browser
window which he had used to log in. He opens a new browser window &
navigates to Products.aspx. Under such circumstances, I want to show
him a welcome message with his username in Products.aspx without taking
him to Login.aspx since the cookie NETConnectCooki e is a persistent
cookie but the user still gets redirected to Login.aspx. Why? This is
the code in Products.aspx:

<script runat="server">
Sub Page_Load(ByVal obj As Object, ByVal ea As EventArgs)
Response.Write( "Welcome " &
Request.Cookies ("NETConnectCoo kie")("UserName "))
End Sub
</script>

If I change the name of the cookie to, say, 'Details', in Login.aspx
i.e.

Response.Cookie s("Details")("U serName") = txtUserName.Tex t

& make the corresponding change in Products.aspx, then after
successfully logging in Login.aspx, the user is taken to Products.aspx
which shows the message

Welcome bobby

But when the user closes this window, opens a new browser window &
navigates to Products.aspx, then, as expected, the user is not taken to
Login.aspx but Products.aspx generates this error:

Object reference not set to an instance of an object.

pointing to the Response.Write line in Products.aspx! When I open the
cookie from the Temporary Internet Files folder, this time the cookie
doesn't show the text 'UserName=bobby '! Why?

What's the difference between a normal cookie & a cookie created by the
FormsAuthentica tion object?

Sep 27 '06 #2
I got your point but have encountered another problem. Keeping the
web.config file shown in post #1 as it is, I am adding the following
setting so that any user can access HomePage.aspx:

<location path="HomePage. aspx">
<system.web>
<authorizatio n>
<allow users="*"/>
</authorization>
</system.web>
</location>

Suppose a user comes to HomePage.aspx. From the home page, he tries to
navigate to another ASPX page, say, MyPage.aspx by clicking a link in
the home page. But the web.config file redirects the user to
Login.aspx. Assuming that the user has been validated successfully, he
is then directed to MyPage.aspx. Also assume that the username of the
user is bobby. When this user finally goes to MyPage.aspx, I want to
display a welcome message to him with his username i.e. MyPage.aspx
should display 'Welcome bobby'. To get the username in MyPage.aspx, I
am using the Name & Value properties of the HttpCookie object in
Login.aspx. This is the code in Login.aspx:

Sub LoginUser(obj As Object, ea As EventArgs)
'after successful login
Dim hCookie As HttpCookie

FormsAuthentica tion.RedirectFr omLoginPage(txt UserName.Text, True)
hCookie = FormsAuthentica tion.GetAuthCoo kie(txtUserName .Text, True)
hCookie.Name = "MyCookie"
hCookie.Value = txtUserName.Tex t
hCookie.Expires = DateTime.Now.Ad dMinutes(2)
Response.Cookie s.Add(hCookie)
End Sub

This is the simple code in MyPage.aspx:

Sub Page_Load(ByVal obj As Object, ByVal ea As EventArgs)
lblMessage.Text = "Welcome " & Request.Cookies ("MyCookie").Va lue
End Sub

When this user finally comes to MyPage.aspx, he is shown the message

Welcome bobby

Note that in Login.aspx, I have set the cookie to expire after 2
minutes which means that the user sees the welcome message along with
his username if he closes the browser he used to login & opens a new
browser within the next 2 minutes. But when I go to the Temporary
Internet Files folder & click the cookie, I find that the cookie has
been set to expire after 30 minutes though I have set it to expire
after 2 minutes. Why so?

What I found is if I get rid of the lines

hCookie.Name = "MyCookie"
hCookie.Value = txtUserName.Tex t

in Login.aspx, then the cookie gets set to expire after 2 minutes in
the Temporary Internet Files folder but if I get rid of these 2 lines
in Login.aspx, how do I retrieve the username of the user in
MyPage.aspx?

Also is there any way by which MyPage.aspx can access the first
parameter of the methods RedirectFromLog inPage & GetAuthCookie (which
is txtUserName.Tex t in this case)? If no, then what's the use of the
first parameter in the methods RedirectFromLog inPage & GetAuthCookie?
Y2KPRABU wrote:
storing in cookies etc is taken care by asp.net .
dont add it explicitly.
but if you want to make it persistent.
as u had said use another cookie with diff name to make it persistent
--
Y2KPRABU, MCP, INDIA
WEB APPS
"rn**@rediffmai l.com" wrote:
A web.config file has the following code:

<configuratio n>
<system.web>
<authenticati on mode="Forms">
<forms name="NETConnec tCookie" loginUrl="Login .aspx">
<credentials passwordFormat= "SHA1"/>
</forms>
</authentication>
</system.web>

<location path=".">
<system.web>
<authorizatio n>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>

Assuming that the local m/c does not have the cookie named
NETConnectCooki e, the above code ensures that if a user tries to
navigate to any ASPX files in the directory that the above web.config
file exists in, then the user will be first redirected to Login.aspx.
Assume that the directory in which the above web.config file exists has
a ASPX file named Products.aspx.

When a user tries to navigate to Products.aspx without logging in,
web.config directs him to Login.aspx. Assume that a user with the
username bobby is a valid user (which I am validating against a SQL
Server 2005 DB table). This is how I tried it (this is the code in
Login.aspx which communicates with web.config when the user directly
tries to navigate to Products.aspx without logging in):

<script runat="server">
Sub LoginUser(ByVal obj As Object, ByVal ea As EventArgs)
..........
..........
'user has been validated; so take him to Products.aspx
FormsAuthentica tion.RedirectFr omLoginPage(txt UserName.Text,
True)
Response.Cookie s("NETConnectCo okie")("UserNam e") =
txtUserName.Tex t
End Sub
</script>

This does create the persistent cookie named NETConnectCooki e which
when opened, also shows the text 'UserName=bobby ' but the user doesn't
get redirected to Products.aspx though he has been logged in
successfully. In fact, the user remains at Login.aspx with the URL
getting appended by the querystring 'ReturnUrl=Prod ucts.aspx'. Why
isn't the user getting redirected to Products.aspx after successfully
logging in? Note that if I remove the Response.Cookie s line in
Login.aspx, then the user gets redirected to Products.aspx after
logging in.

There's another problem. Next suppose the user closes the browser
window which he had used to log in. He opens a new browser window &
navigates to Products.aspx. Under such circumstances, I want to show
him a welcome message with his username in Products.aspx without taking
him to Login.aspx since the cookie NETConnectCooki e is a persistent
cookie but the user still gets redirected to Login.aspx. Why? This is
the code in Products.aspx:

<script runat="server">
Sub Page_Load(ByVal obj As Object, ByVal ea As EventArgs)
Response.Write( "Welcome " &
Request.Cookies ("NETConnectCoo kie")("UserName "))
End Sub
</script>

If I change the name of the cookie to, say, 'Details', in Login.aspx
i.e.

Response.Cookie s("Details")("U serName") = txtUserName.Tex t

& make the corresponding change in Products.aspx, then after
successfully logging in Login.aspx, the user is taken to Products.aspx
which shows the message

Welcome bobby

But when the user closes this window, opens a new browser window &
navigates to Products.aspx, then, as expected, the user is not taken to
Login.aspx but Products.aspx generates this error:

Object reference not set to an instance of an object.

pointing to the Response.Write line in Products.aspx! When I open the
cookie from the Temporary Internet Files folder, this time the cookie
doesn't show the text 'UserName=bobby '! Why?

What's the difference between a normal cookie & a cookie created by the
FormsAuthentica tion object?
Sep 29 '06 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
4764
by: George Durzi | last post by:
When you call FormsAuthentication.SignOut(), is the FormsAuthentication cookie supposed to be destroyed automatically? I'm creating my FormsAuthentication cookie by doing: HttpCookie oCookie = new HttpCookie(FormsAuthentication.FormsCookieName, sTicket); where sTicket is an encrypted FormsAuthenticationTicket. When I create the FormsAuthenticationTicket, I set its isPersistent property to false.
2
2717
by: StanD | last post by:
At the end of my login process I am generating my own Persistent FormsAuthentication ticket. I encode this and set a cookie value. I then use Response.Cookies.Add(cookie), and I continue the login process. The cookie is not persisted across sessions and does not appear in the cookie list on the client. If I use SetAuthCookie persistence works. What am I missing here, in not getting the desired effect with my own ticket? --
4
1950
by: Jeff B | last post by:
I am having a very perplexing problem with setting the user's roles. I have tried to figure this out for 2 days now. When the user logs in to the site, I retrieve the roles from the database and create a semicolon delimited string listing the roles returned and store them in the forms authentication cookie. Then in the global.asax Application_AuthenticateRequest, I retrieve the FormsAuthenticationTicket from the forms authentication...
2
1814
by: Grant Merwitz | last post by:
Hi, i am using forms authentication in an ASP.NET project I am setting the Forms authentication cookie by using: FormsAuthentication.RedirectFromLoginPage(UserName.Text, false); Now when i review my trace on my page, there are two cookies created that look identical. When i FormsAuthentication.SignOut() they both dissappear. Any ideas as to why two cookies are created?
4
8328
by: Matthias S. | last post by:
Hi there, I've created an application which is using Forms-based authentification. My Login-Button event handler looks somewhat like this: // validate the input, etc... // sUserName holds now the users name FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, sUserName, DateTime.Now, DateTime.Now.AddMinutes(20),false,
1
1995
by: Dean R. Henderson | last post by:
I setup FormsAuthentication on a couple websites where it has been working as expected for a long time. I used this code to setup the same type of authentication on a new website I am working on and the Cookie Name is not getting setup the same way. In my Web.config file, I use the following basic settings on both the old and new websites: <authentication mode="Forms"> <forms name="SiteAuth" loginUrl="Logon.aspx" protection="All"
5
4852
by: Åženol Akbulak | last post by:
Hello; I use in my web application FormsAuthentication. Also I use Session state (InProc). When a user logged in, I can read Session parameters. (For example Session). Problem is that, when user close the browser window then open a new browser, FormsAuthentication reads from cookie and user logs in. Althought user logged in, session parameter is null.
8
2645
by: Bill Henning | last post by:
Another developer and I have noticed that after upgrading to the ASP.NET 2.0 RTM release, when using: FormsAuthentication.SetAuthCookie(userName, true) That the cookie is no longer persisted, even though the flag is set to true in my call. This only started happening after upgrading from Beta 2 to RTM. Has anyone else seen this or does anyone else have a workaround? Thanks, Bill
3
7625
by: Noremac | last post by:
My google skills must be dwindling. I am trying to determine how in ASP.NET 2.0 I can get the ReturnUrl querystring variable in Forms Authentication to contain the absolute url. Just like others that have posed this question, we are an enterprise environment that has multiple websites across multiple servers and we are trying to setup Web SSO for our public internet site that will be accessible by our clients. ASP.NET seems to have...
0
8978
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
8818
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9353
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
9305
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
9222
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
8231
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
6067
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
1
3296
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
3
2203
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.