473,788 Members | 2,905 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Forms Authentication with UserData Problem

Hi all,
I am running ASP.NET 2.0, after login I need to pass CustomerID in my
database instead of username to other pages. I added following code to my
login.aspx

protected void Login_Authentic ate(object sender, AuthenticateEve ntArgs e) {
//FormsAuthentica tion.SignOut();
if (Membership.Val idateUser(Login .UserName, Login.Password) ) {
int customerID = GetCustomerIDBy Username(Login. UserName);
if (customerID 0) {
FormsAuthentica tionTicket ticket = new FormsAuthentica tionTicket(1,
Login.UserName,
DateTime.Now,
DateTime.Now.Ad dMinutes(60),
Login.RememberM eSet,
customerID.ToSt ring(),
FormsAuthentica tion.FormsCooki ePath);

// Encrypt the ticket.
string encTicket = FormsAuthentica tion.Encrypt(ti cket);

// Create the cookie.
Response.Cookie s.Add(new HttpCookie(Form sAuthentication .FormsCookieNam e,
encTicket));

e.Authenticated = true;
} else {
e.Authenticated = false;
}
} else {
e.Authenticated = false;
}
}

Then I have another page to read this cookie, FormsIdentity identity =
Context.User.Id entity as FormsIdentity; I set a break point at this line, and
find out the cookie version is "2" instead of "1" I set in login.aspx. And I
cannot read my userData from cookie, it turns to be blank.

Anybody has idea what is wrong?

Thanks!
--
Regards
Hardy
Feb 15 '07 #1
1 7089
Hi there,

Login control does the same thing internally (passing String.Empty as user
defined data), please look at the exact code which is executed internally:

private void AttemptLogin()
{
if ((this.Page == null) || this.Page.IsVal id)
{
LoginCancelEven tArgs args1 = new LoginCancelEven tArgs();
this.OnLoggingI n(args1);
if (!args1.Cancel)
{
AuthenticateEve ntArgs args2 = new AuthenticateEve ntArgs();
this.OnAuthenti cate(args2);
if (args2.Authenti cated)
{
FormsAuthentica tion.SetAuthCoo kie(
this.UserNameIn ternal, this.RememberMe Set);
this.OnLoggedIn (EventArgs.Empt y);
this.Page.Respo nse.Redirect(
this.GetRedirec tUrl(), false);
}
else
{
//...
}
}
}
}

Because you're not redirecting after setting authentication cookie, login
control creates another cookie, that overwrites created one (version 2).
Provided code does the same thing so in theory you could redirect to request
page after cookie with custom data has been set:

// amended code you provided
// Create the cookie.
Response.Cookie s.Add(new HttpCookie(Form sAuthentication .FormsCookieNam e,
encTicket));
Response.Redire ct(this.GetRedi rectUrl(), true);

Beware current thread will be aborted, so you won't receive any events
(Login1_LoggedI n, page unload). Otherwise, it is not possible to attach user
data to form authentication cookie (of course when using login control)
without unpacking the ticket in Login.LoggedIn event handler, appending the
custom data and reissuing authentication cookie.

Hope this helps
--
Milosz
"Hardy Wang" wrote:
Hi all,
I am running ASP.NET 2.0, after login I need to pass CustomerID in my
database instead of username to other pages. I added following code to my
login.aspx

protected void Login_Authentic ate(object sender, AuthenticateEve ntArgs e) {
//FormsAuthentica tion.SignOut();
if (Membership.Val idateUser(Login .UserName, Login.Password) ) {
int customerID = GetCustomerIDBy Username(Login. UserName);
if (customerID 0) {
FormsAuthentica tionTicket ticket = new FormsAuthentica tionTicket(1,
Login.UserName,
DateTime.Now,
DateTime.Now.Ad dMinutes(60),
Login.RememberM eSet,
customerID.ToSt ring(),
FormsAuthentica tion.FormsCooki ePath);

// Encrypt the ticket.
string encTicket = FormsAuthentica tion.Encrypt(ti cket);

// Create the cookie.
Response.Cookie s.Add(new HttpCookie(Form sAuthentication .FormsCookieNam e,
encTicket));

e.Authenticated = true;
} else {
e.Authenticated = false;
}
} else {
e.Authenticated = false;
}
}

Then I have another page to read this cookie, FormsIdentity identity =
Context.User.Id entity as FormsIdentity; I set a break point at this line, and
find out the cookie version is "2" instead of "1" I set in login.aspx. And I
cannot read my userData from cookie, it turns to be blank.

Anybody has idea what is wrong?

Thanks!
--
Regards
Hardy
Feb 16 '07 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
0
2265
forms authentication question
by: bill yeager | last post by:
Everything is working in my authentication process except for the fact that I can't retrieve the "UserData" property from the "FormsAuthenticationTicket". Write before I do a "RedirectFromLoginPage", I check the "UserData" property of the "FormsAuthenticationTicket". It's set to the value "Admin" (a role for the user) which is what I want. Here is the code:
ASP.NET
11
1721
HELP: Authentication code
by: VB Programmer | last post by:
PLEASE HELP.... I'm having trouble. In my login form after I've verified the username/password are valid I do this: Select Case iMyPrivilege Case 0 Dim arrRoles() As String = {"guest"} Context.User = New System.Security.Principal.GenericPrincipal(User.Identity, arrRoles) Case 1
ASP.NET
1
6373
forms authentication ticket .userdata vanishing
by: e | last post by:
I'm using forms authentication on a site. When the user logs in via the login page, the entered creds are checked against AD, and if valid, an encrypted forms authentication ticket is produced and stored in the forms auth cookie (and written to the client), using this code: ____________________ 'create the forms auth ticket objAuthTicket = New FormsAuthenticationTicket(1, txtUsername.Text, _ DateTime.Now, DateTime.Now.AddMinutes(8),...
ASP.NET
3
4744
Forms authentication - credential store
by: Martin | last post by:
Dear fellow ASP.NET programmer, I stared using forms authentication and temporarily used a <credentials> tag in web.config. After I got it working I realized this wasn't really practical. I cannot write to web.config so I cannot dynamically update the credentials while the site is up. Since the FormsAuthentication.Authenticate() method's documentations claims the following: "Attempts to validate the credentials against those contained...
ASP.NET
5
1774
Forms Login Page Not Login Out
by: Kenneth Keeley | last post by:
Hi, I have a web app that has forms authentication and I can login to the page the first time I go there but it never times me out if I come back in 24 hours a hit the refresh key the page loads and I am still logged in. My session details are gone but I am still logged. These are the settings I am using are they right or do I need to change them? <system.web> <authentication mode="Forms">
ASP.NET
2
1446
Setting Roles with Forms Authentication and Access 2003
by: Ed | last post by:
Hi I currently have an asp.NET project. I'm using Access 2003 and forms authentication to authenticate users. Can anyone tell me how to set the roles in asp.NET so that it recognizes them? The logging in portion of my code works...What I need to know is how to allow access to certain pages to users with an administrator role while blocking access to regular users. My database has 3 columns, username, password, and roles. It is the last...
ASP.NET
3
2364
Forms Authenication Cookie Not Expiring Correctly
by: Mike | last post by:
I have a web application that the forms authentication cookie is not expiring correctly. When I look at the trace information of a newly requested page after the session and forms authentication have expired the forms authentication cookie is assigned a new value. I am never redirected to the login page after my initial login. If I access the site from http://localhost/myapp instead of myapp.domain.com the cookies expire correctly. The cookie...
ASP.NET
1
1643
Forms Authentication UserData
by: Brian Shannon | last post by:
Using forms authentication I want to add several pieces of data to the UserData property in the Forms Ticket. I want to include roles, email, user ID. From reading it seems like you add all that to a string and add it to the UserData property. If that is the case how do you access each individual piece such as email. I am not completely up to date with using ASP.NET's cookies so bare with me.
ASP.NET
0
1326
Problem with forms authentication roles
by: Sean Patterson | last post by:
Hey all, I've followed the examples online on how to use Forms Authentication to create a ticket, assign it a role, and then intercept it in the Global.asax file to make sure it gets sucked in to the IPrincipal. This has worked on some other apps, but my code isn't working in my new one for some reason. Here's my CreateCredentials code: Private Sub CreateCredentials(ByVal UserID As String, ByVal UserRole As String)
ASP.NET
3
2307
Forms Authentication Ticket/Cookie values
by: chuck rudolph | last post by:
Folks, Can anyone confirm that my understading is correct and maybe shed some light on why it's as it is. (I'm guessing security, but that seems weak to me.) The asp.net web application is using forms authentication. If I create an FormsAuthTicket with userdata in the approprite place. Then encode it and create a cookie, add it to the response.cookie collection and use it all is well.
ASP.NET
0
9656
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
10364
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
10172
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
1
7517
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
6750
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
5536
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
4069
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
2
3670
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
3
2894
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us