We followed an example found on MSDN to create an encrypted
FormsAuthentica tionTicket and storing the ticket in a cookie. Is this the
"correct" way to store the authentication ticket? We are attempting to
create a web service from the web application and our goal is to have the
user login to the web application and then, using the same credentials
and/or authentication objects, access the web services to retrieve our data
from other internal servers. It's pretty difficult to find this information
on the web :)
What other options are there for storing a user's credentials and then
accessing them on every call to the page and have the web service use the
same credentials for it's security?
Thanks,
Mythran 2 2006
Does this help? http://aspalliance.com/805_Soap_Head...n_Web_Services
Peter
"Mythran" <ki********@hot mail.comwrote in message
news:1E******** *************** ***********@mic rosoft.com...
We followed an example found on MSDN to create an encrypted
FormsAuthentica tionTicket and storing the ticket in a cookie. Is this the
"correct" way to store the authentication ticket? We are attempting to
create a web service from the web application and our goal is to have the
user login to the web application and then, using the same credentials
and/or authentication objects, access the web services to retrieve our
data from other internal servers. It's pretty difficult to find this
information on the web :)
What other options are there for storing a user's credentials and then
accessing them on every call to the page and have the web service use the
same credentials for it's security?
Thanks,
Mythran
"Peter Bradley" <pb******@uwic. ac.ukwrote in message
news:#M******** ******@TK2MSFTN GP03.phx.gbl...
Does this help?
http://aspalliance.com/805_Soap_Head...n_Web_Services
Peter
"Mythran" <ki********@hot mail.comwrote in message
news:1E******** *************** ***********@mic rosoft.com...
>We followed an example found on MSDN to create an encrypted FormsAuthentic ationTicket and storing the ticket in a cookie. Is this the "correct" way to store the authentication ticket? We are attempting to create a web service from the web application and our goal is to have the user login to the web application and then, using the same credentials and/or authentication objects, access the web services to retrieve our data from other internal servers. It's pretty difficult to find this information on the web :)
What other options are there for storing a user's credentials and then accessing them on every call to the page and have the web service use the same credentials for it's security?
Thanks, Mythran
Thanks for the link, reading it now and hope it helps us...
Now, for the 2nd paragraph in my OP...what options are there for storing the
user id and pwd across postbacks (same session) w/o using the session nor
database? Is storing the user name and password hash in an encrypted form
as a cookie on the user's machine a good idea? I don't feel very
safe/secure with store a users password (hashed or not) in any form anywhere
outside of a database, but sometimes you gotta do what you gotta do...any
suggestions for this?
Thanks,
Mythran This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: e |
last post by:
I'm using forms authentication on a site. When the user logs in via the
login page, the entered creds are checked against AD, and if valid, an
encrypted forms authentication ticket is produced and stored in the forms
auth cookie (and written to the client), using this code:
____________________
'create the forms auth ticket
objAuthTicket = New FormsAuthenticationTicket(1, txtUsername.Text, _
DateTime.Now, DateTime.Now.AddMinutes(8),...
|
by: john |
last post by:
I have 2 questions:
1. I am trying to use forms authentication. When the user logs out, I
make these function
calls:
Session.Abandon();
FormsAuthentication.SignOut();
But after they log out, the user can (e.g. through the web history) go
and look at any pages that were already viewed when the session was
going on because of the cache. I don't want them to be able to do
|
by: Martin |
last post by:
Dear fellow ASP.NET programmer,
I stared using forms authentication and temporarily used a <credentials> tag
in web.config. After I got it working I realized this wasn't really
practical. I cannot write to web.config so I cannot dynamically update the
credentials while the site is up. Since the
FormsAuthentication.Authenticate() method's documentations claims the
following:
"Attempts to validate the credentials against those contained...
|
by: Kenneth Keeley |
last post by:
Hi,
I have a web app that has forms authentication and I can login to the
page the first time I go there but it never times me out if I come back in
24 hours a hit the refresh key the page loads and I am still logged in. My
session details are gone but I am still logged.
These are the settings I am using are they right or do I need to change
them?
<system.web>
<authentication mode="Forms">
|
by: nicholas |
last post by:
I'm using role based forms authetication with user-info in a database.
I used this with a SQL database (sql 2000 server) and it worked 100%.
Now, I want to use the same code, but with a database in MS Access Xp.
If I insert a wrong login or pass on the login page, the error message
appears.
But when I insert the right login and pass, I'm not redirected to the index
page, it just reloads the login-page.
| |
by: Sean Patterson |
last post by:
Hey all,
I've followed the examples online on how to use Forms Authentication to
create a ticket, assign it a role, and then intercept it in the
Global.asax file to make sure it gets sucked in to the IPrincipal. This
has worked on some other apps, but my code isn't working in my new one
for some reason. Here's my CreateCredentials code:
Private Sub CreateCredentials(ByVal UserID As String, ByVal UserRole As
String)
|
by: pv_kannan |
last post by:
I recently found out that my authentication cookies are not expiring
even though I have set the persist property to false. As a result,
users are able to access the secure websites with indifferent results.
Any pointers/suggestions would be very appreciated.
Things were running as usual till until recently.
Here are the relevant pieces of code
==========================================
|
by: Mark Olbert |
last post by:
I'm building an ASPNET2 website which uses forms authentication but does not use the Microsoft-supplied membership providers (mostly
because I don't want to create my own provider at this point, and the supplied stuff comes with a lot of baggage I don't want/need).
In ASPNET1.1 what I would do was something like the following, after authenticating the user on the login form:
FormsAuthentication.SetAuthCookie(userInfo.UserID, false);
...
|
by: Peter Bradley |
last post by:
We are in the process of designing our first ASP.NET 2.0 application and
have discovered that Forms Authentication works completely differently in
ASP.NET 2.0.
For a number of reasons, we cannot use the standard login component supplied
with ASP.NET 2.0 (e.g. we need full control of the look and feel - including
using CSS and not tables for layout - and we need to be able to handle the
authentication cookie ourselves rather than let a...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |