468,103 Members | 1,273 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,103 developers. It's quick & easy.

forms authentication ticket .userdata vanishing

e
I'm using forms authentication on a site. When the user logs in via the
login page, the entered creds are checked against AD, and if valid, an
encrypted forms authentication ticket is produced and stored in the forms
auth cookie (and written to the client), using this code:
____________________

'create the forms auth ticket

objAuthTicket = New FormsAuthenticationTicket(1, txtUsername.Text, _
DateTime.Now, DateTime.Now.AddMinutes(8), False, _
"Data string I want to keep in the Ticket .UserData property")

'encrypt it

strEncryptedTicket = FormsAuthentication.Encrypt(objAuthTicket)

'stick it in the forms auth cookie

objAuthCookie = New HttpCookie(FormsAuthentication.FormsCookieName, _
strEncryptedTicket)

'place the cookie on the client

Response.Cookies.Add(objAuthCookie)
____________________

If I immediately retreive the cookie using this code:
____________________

'pick up the cookie from the client

objAuthCookie = Request.Cookies(FormsAuthentication.FormsCookieNam e)

'decrypt/extract the ticket object from the cookie

objAuthTicket = FormsAuthentication.Decrypt(objAuthCookie.Value)
____________________

....and examine the objAuthTicket.UserData, it contains the expected result:

"Data string I want to keep in the Ticket .UserData property"

However in Global.asax, in the Application_AuthenticateRequest event (which
is whre I need to read this ticket data for impersonation & security
purposes), I retreive the cookie (if it exists), decrypt the cookie.Value
into a ticket object using the exact same code as before:
____________________

'pick up the cookie

objAuthCookie = Request.Cookies(FormsAuthentication.FormsCookieNam e)

'decrypt/extract the ticket object from the cookie

objAuthTicket = FormsAuthentication.Decrypt(objAuthCookie.Value)
____________________

....and examine the objAuthTicket.Userdata, it now contains an unexpected
result:

""

Nothing. The issue date, expiration date, name, isPersistant, all other
aspects of the ticket have correct values, but the userData is now
nullstring. Does anyone have any ideas as to why that is? The login button
click handler and the Application_AuthenticateRequest event are the only 2
places I'm ever touching the cookie in the entire app.
Nov 17 '05 #1
1 6129
"e" <e@e.com> wrote in message news:G_********************@speakeasy.net...
I'm using forms authentication on a site. When the user logs in via the
login page, the entered creds are checked against AD, and if valid, an
encrypted forms authentication ticket is produced and stored in the forms
auth cookie (and written to the client), using this code:
____________________

'create the forms auth ticket

objAuthTicket = New FormsAuthenticationTicket(1, txtUsername.Text, _
DateTime.Now, DateTime.Now.AddMinutes(8), False, _
"Data string I want to keep in the Ticket .UserData property")

'encrypt it

strEncryptedTicket = FormsAuthentication.Encrypt(objAuthTicket)

'stick it in the forms auth cookie

objAuthCookie = New HttpCookie(FormsAuthentication.FormsCookieName, _
strEncryptedTicket)

'place the cookie on the client

Response.Cookies.Add(objAuthCookie)
____________________

If I immediately retreive the cookie using this code:
____________________

'pick up the cookie from the client

objAuthCookie = Request.Cookies(FormsAuthentication.FormsCookieNam e)

'decrypt/extract the ticket object from the cookie

objAuthTicket = FormsAuthentication.Decrypt(objAuthCookie.Value)
____________________

...and examine the objAuthTicket.UserData, it contains the expected result:
"Data string I want to keep in the Ticket .UserData property"

However in Global.asax, in the Application_AuthenticateRequest event (which is whre I need to read this ticket data for impersonation & security
purposes), I retreive the cookie (if it exists), decrypt the cookie.Value
into a ticket object using the exact same code as before:
____________________

'pick up the cookie

objAuthCookie = Request.Cookies(FormsAuthentication.FormsCookieNam e)

'decrypt/extract the ticket object from the cookie

objAuthTicket = FormsAuthentication.Decrypt(objAuthCookie.Value)
____________________

...and examine the objAuthTicket.Userdata, it now contains an unexpected
result:

""

Nothing. The issue date, expiration date, name, isPersistant, all other
aspects of the ticket have correct values, but the userData is now
nullstring. Does anyone have any ideas as to why that is? The login button click handler and the Application_AuthenticateRequest event are the only 2
places I'm ever touching the cookie in the entire app.

I don't know why your code doesn't work, but in my code, I use the
FormsAuthenticationTicket directly:

if (!Request.IsAuthenticated) return;

FormsIdentity fi = (FormsIdentity) User.Identity;
FormsAuthenticationTicket ticket = fi.Ticket;
// You can now use ticket.UserData
--
John
Nov 17 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

reply views Thread by bill yeager | last post: by
11 posts views Thread by VB Programmer | last post: by
3 posts views Thread by Martin | last post: by
5 posts views Thread by Kenneth Keeley | last post: by
reply views Thread by Sean Patterson | last post: by
3 posts views Thread by chuck rudolph | last post: by
1 post views Thread by =?Utf-8?B?SGFyZHkgV2FuZw==?= | last post: by
1 post views Thread by Solo | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.