I'm using forms authentication on a site. When the user logs in via the
login page, the entered creds are checked against AD, and if valid, an
encrypted forms authentication ticket is produced and stored in the forms
auth cookie (and written to the client), using this code:
____________________
'create the forms auth ticket
objAuthTicket = New FormsAuthenticationTicket(1, txtUsername.Text, _
DateTime.Now, DateTime.Now.AddMinutes(8), False, _
"Data string I want to keep in the Ticket .UserData property")
'encrypt it
strEncryptedTicket = FormsAuthentication.Encrypt(objAuthTicket)
'stick it in the forms auth cookie
objAuthCookie = New HttpCookie(FormsAuthentication.FormsCookieName, _
strEncryptedTicket)
'place the cookie on the client
Response.Cookies.Add(objAuthCookie)
____________________
If I immediately retreive the cookie using this code:
____________________
'pick up the cookie from the client
objAuthCookie = Request.Cookies(FormsAuthentication.FormsCookieNam e)
'decrypt/extract the ticket object from the cookie
objAuthTicket = FormsAuthentication.Decrypt(objAuthCookie.Value)
____________________
....and examine the objAuthTicket.UserData, it contains the expected result:
"Data string I want to keep in the Ticket .UserData property"
However in Global.asax, in the Application_AuthenticateRequest event (which
is whre I need to read this ticket data for impersonation & security
purposes), I retreive the cookie (if it exists), decrypt the cookie.Value
into a ticket object using the exact same code as before:
____________________
'pick up the cookie
objAuthCookie = Request.Cookies(FormsAuthentication.FormsCookieNam e)
'decrypt/extract the ticket object from the cookie
objAuthTicket = FormsAuthentication.Decrypt(objAuthCookie.Value)
____________________
....and examine the objAuthTicket.Userdata, it now contains an unexpected
result:
""
Nothing. The issue date, expiration date, name, isPersistant, all other
aspects of the ticket have correct values, but the userData is now
nullstring. Does anyone have any ideas as to why that is? The login button
click handler and the Application_AuthenticateRequest event are the only 2
places I'm ever touching the cookie in the entire app.
1  6319 
"e" <e@e.com> wrote in message news:G_********************@speakeasy.net... I'm using forms authentication on a site. When the user logs in via the
login page, the entered creds are checked against AD, and if valid, an
encrypted forms authentication ticket is produced and stored in the forms
auth cookie (and written to the client), using this code:
____________________
'create the forms auth ticket
objAuthTicket = New FormsAuthenticationTicket(1, txtUsername.Text, _
DateTime.Now, DateTime.Now.AddMinutes(8), False, _
"Data string I want to keep in the Ticket .UserData property")
'encrypt it
strEncryptedTicket = FormsAuthentication.Encrypt(objAuthTicket)
'stick it in the forms auth cookie
objAuthCookie = New HttpCookie(FormsAuthentication.FormsCookieName, _
strEncryptedTicket)
'place the cookie on the client
Response.Cookies.Add(objAuthCookie)
____________________
If I immediately retreive the cookie using this code:
____________________
'pick up the cookie from the client
objAuthCookie = Request.Cookies(FormsAuthentication.FormsCookieNam e)
'decrypt/extract the ticket object from the cookie
objAuthTicket = FormsAuthentication.Decrypt(objAuthCookie.Value)
____________________
...and examine the objAuthTicket.UserData, it contains the expected
result:
"Data string I want to keep in the Ticket .UserData property"
However in Global.asax, in the Application_AuthenticateRequest event
(which is whre I need to read this ticket data for impersonation & security
purposes), I retreive the cookie (if it exists), decrypt the cookie.Value
into a ticket object using the exact same code as before:
____________________
'pick up the cookie
objAuthCookie = Request.Cookies(FormsAuthentication.FormsCookieNam e)
'decrypt/extract the ticket object from the cookie
objAuthTicket = FormsAuthentication.Decrypt(objAuthCookie.Value)
____________________
...and examine the objAuthTicket.Userdata, it now contains an unexpected
result:
""
Nothing. The issue date, expiration date, name, isPersistant, all other
aspects of the ticket have correct values, but the userData is now
nullstring. Does anyone have any ideas as to why that is? The login
button click handler and the Application_AuthenticateRequest event are the only 2
places I'm ever touching the cookie in the entire app.
I don't know why your code doesn't work, but in my code, I use the
FormsAuthenticationTicket directly:
if (!Request.IsAuthenticated) return;
FormsIdentity fi = (FormsIdentity) User.Identity;
FormsAuthenticationTicket ticket = fi.Ticket;
// You can now use ticket.UserData
--
John This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: bill yeager |
last post by:
Everything is working in my authentication process except
for the fact that I can't retrieve the "UserData" property
from the "FormsAuthenticationTicket".
Write before I do a...
|
by: VB Programmer |
last post by:
PLEASE HELP....
I'm having trouble. In my login form after I've verified the
username/password are valid I do this:
Select Case iMyPrivilege
Case 0
Dim arrRoles() As String = {"guest"}...
|
by: Martin |
last post by:
Dear fellow ASP.NET programmer,
I stared using forms authentication and temporarily used a <credentials> tag
in web.config. After I got it working I realized this wasn't really
practical. I...
|
by: Kenneth Keeley |
last post by:
Hi,
I have a web app that has forms authentication and I can login to the
page the first time I go there but it never times me out if I come back in
24 hours a hit the refresh key the page loads...
|
by: Mike |
last post by:
I have a web application that the forms authentication cookie is not expiring correctly. When I look at the trace information of a newly requested page after the session and forms authentication have...
|
by: Trevor Andrew |
last post by:
Hi There,
Hopefully this isn't too difficult a question to express here. I have a 3
tier application.
1. Presentation Tier: ASP.NET web application. 2. Middle Tier: ASP.NET Web
Services that...
|
by: Sean Patterson |
last post by:
Hey all,
I've followed the examples online on how to use Forms Authentication to
create a ticket, assign it a role, and then intercept it in the
Global.asax file to make sure it gets sucked in...
|
by: chuck rudolph |
last post by:
Folks, Can anyone confirm that my understading is correct and maybe shed some
light on why it's as it is. (I'm guessing security, but that seems weak to
me.)
The asp.net web application is using...
|
by: =?Utf-8?B?SGFyZHkgV2FuZw==?= |
last post by:
Hi all,
I am running ASP.NET 2.0, after login I need to pass CustomerID in my
database instead of username to other pages. I added following code to my
login.aspx
protected void...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 6 Sept 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM)
The start time is equivalent to 19:00 (7PM) in Central...
|
by: lllomh |
last post by:
Define the method first
this.state = {
buttonBackgroundColor: 'green',
isBlinking: false, // A new status is added to identify whether the button is blinking or not
}
autoStart=()=>{
|
by: Mushico |
last post by:
How to calculate date of retirement from date of birth
|
by: DJRhino |
last post by:
Was curious if anyone else was having this same issue or not....
I was just Up/Down graded to windows 11 and now my access combo boxes are not acting right. With win 10 I could start typing...
|
by: tracyyun |
last post by:
Hello everyone,
I have a question and would like some advice on network connectivity. I have one computer connected to my router via WiFi, but I have two other computers that I want to be able to...
|
by: giovanniandrean |
last post by:
The energy model is structured as follows and uses excel sheets to give input data:
1-Utility.py contains all the functions needed to calculate the variables and other minor things (mentions...
|
by: NeoPa |
last post by:
Introduction
For this article I'll be using a very simple database which has Form (clsForm) & Report (clsReport) classes that simply handle making the calling Form invisible until the Form, or all...
|
by: Teri B |
last post by:
Hi, I have created a sub-form Roles. In my course form the user selects the roles assigned to the course.
0ne-to-many. One course many roles.
Then I created a report based on the Course form and...
|
by: NeoPa |
last post by:
Introduction
For this article I'll be focusing on the Report (clsReport) class. This simply handles making the calling Form invisible until all of the Reports opened by it have been closed, when it...
| |
