Thanks for your reply Chris,
Regarding on your new questions ,here are my understanding on this:
The FormsIdentity class you reference, is that a
custom class I have to write that implements IIdentity or is it just
available.
=============== =============== ========
Sure, it is a built-in class which is used to represent security identity
in forms authentication context. This is used in both ASP.NET 1.x and 2.0
by the forms authentication Module, it will be automatically created in
each request(as long as the current user has been authenticated).
Second, how do I actually store the custom information? From the looks of
it, I pass infomration into the constructor of the
FormsAuthentica tionTicket,
but which parameter does it? Is it the "1" that you pass in?
=============== =============== ===========
No. "1" is the version number. It is the "some custom data want to store in
ticket...." which can be any custom data you want to store in the
authentication ticket. Custom data can only be string value, it is also
limited by the natural of cookie. You find the clear definition of the
Ticket class's constructor below:
#FormsAuthentic ationTicket.For msAuthenticatio nTicket(Int32, String,
DateTime, DateTime, Boolean, String, String) Constructor
http://msdn2.microsoft.com/en-us/library/kybcs83h.aspx
How can I easily access this information later? It looks like once you
pass
the information into the cookie, you can pull it out using
identity.Ticket .UserData. However, isn't this just implementing a custom
IIdentity...whi ch is kind of the asp.net 1.1 way?
=============== =============== =============
As I have mentioned, FormsIdentity is a built-in class dedicated for
representing forms authenticated user identity, this is used from 1.x to
2.0. You can easily get this identity in each page request through
HttpContext.Cur rent.User. Also, ASP.NET 2.0 is using the same means to
create forms authentication ticket and store it in cookie, and retrieve it
back in each request(in FormsAuthentica tion httpmodule). There is no
difference on these code, the only difference is that ASP.NET 2.0 have done
this for you internally and save you from coding these yourself. So what
you need to do is just add the custom string data at user's
login/authentication time and then access it through Context.Use whenever
you need it.
Doens't the membership provider set a forms auth cookie for me
automatically? Will setting the cookie manually cause a problem?
=============== =============== ==============
Well, this is a good question. ASP.NET 2.0 add the membership service which
can help simplify the custom security/user management. However, remember
that membership provider and forms authentication are totally separated,
you can use forms authentication without membership service(do it yourself
as ASP.NET 1.X). Or you can simply call membershp API without enabling
forms authentication.
No, "setting cookie manually" won't cause any problem, ASP.NET 2.0
FormsAuthentica tions class use the same code to generate the ticket and add
it into resposne cookie collection(defa ult behavior). Here is the
diassembled code from reflector
>>>>>>>FormsAut hentication.Get AuthCookie>>>>> >>>>>>>>
private static HttpCookie GetAuthCookie(s tring userName, bool
createPersisten tCookie, string strCookiePath, bool hexEncodedTicke t)
{
FormsAuthentica tion.Initialize ();
if (userName == null)
{
userName = string.Empty;
}
if ((strCookiePath == null) || (strCookiePath. Length < 1))
{
strCookiePath = FormsAuthentica tion.FormsCooki ePath;
}
FormsAuthentica tionTicket ticket1 = new FormsAuthentica tionTicket(2,
userName, DateTime.Now, DateTime.Now.Ad dMinutes((doubl e)
FormsAuthentica tion._Timeout), createPersisten tCookie, string.Empty,
strCookiePath);
string text1 = FormsAuthentica tion.Encrypt(ti cket1, hexEncodedTicke t);
if ((text1 == null) || (text1.Length < 1))
{
throw new
HttpException(S R.GetString("Un able_to_encrypt _cookie_ticket" ));
}
HttpCookie cookie1 = new
HttpCookie(Form sAuthentication .FormsCookieNam e, text1);
cookie1.HttpOnl y = true;
cookie1.Path = strCookiePath;
cookie1.Secure = FormsAuthentica tion._RequireSS L;
if (FormsAuthentic ation._CookieDo main != null)
{
cookie1.Domain = FormsAuthentica tion._CookieDom ain;
}
if (ticket1.IsPers istent)
{
cookie1.Expires = ticket1.Expirat ion;
}
return cookie1;
}
<<<<<<<<<<<<<<< <<<<<<<<<<<<<<< <
Since you need to add custom data here, you need to manually create the
Ticket and add it into response's Cookie collection. All the API used here
are public ones, nothing incorrect.
Is there any way to intercept the data from the Membership provider? As it
stands, the membership provider will go to the database to authenticate the
user, then I will have to go to the database manually again just to get
their
user information. I tried finding an event that would return the data as
with an objectdatasoure , but I haven't found any. Is there any way to
avoid
this extra call that the Membership provider is doing anyway.
=============== =============== =============== ===
Membership API has nothing to do with forms authentication. Membershp API
just help retrieve or update the data in membership database tables. If
you're using forms authentication and want to store cached data through
forms authentication ticket, you should use forms authentication API rather
than membershp API.
If there is anything unclear, please feel free to let me know.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.