473,480 Members | 1,663 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

FormsAuthentication Cookie

A web.config file has the following code:

<configuration>
<system.web>
<authentication mode="Forms">
<forms name="NETConnectCookie" loginUrl="Login.aspx">
<credentials passwordFormat="SHA1"/>
</forms>
</authentication>
</system.web>

<location path=".">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>

Assuming that the local m/c does not have the cookie named
NETConnectCookie, the above code ensures that if a user tries to
navigate to any ASPX files in the directory that the above web.config
file exists in, then the user will be first redirected to Login.aspx.
Assume that the directory in which the above web.config file exists has
a ASPX file named Products.aspx.

When a user tries to navigate to Products.aspx without logging in,
web.config directs him to Login.aspx. Assume that a user with the
username bobby is a valid user (which I am validating against a SQL
Server 2005 DB table). This is how I tried it (this is the code in
Login.aspx which communicates with web.config when the user directly
tries to navigate to Products.aspx without logging in):

<script runat="server">
Sub LoginUser(ByVal obj As Object, ByVal ea As EventArgs)
..........
..........
'user has been validated; so take him to Products.aspx
FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Text,
True)
Response.Cookies("NETConnectCookie")("UserName") =
txtUserName.Text
End Sub
</script>

This does create the persistent cookie named NETConnectCookie which
when opened, also shows the text 'UserName=bobby' but the user doesn't
get redirected to Products.aspx though he has been logged in
successfully. In fact, the user remains at Login.aspx with the URL
getting appended by the querystring 'ReturnUrl=Products.aspx'. Why
isn't the user getting redirected to Products.aspx after successfully
logging in? Note that if I remove the Response.Cookies line in
Login.aspx, then the user gets redirected to Products.aspx after
logging in.

There's another problem. Next suppose the user closes the browser
window which he had used to log in. He opens a new browser window &
navigates to Products.aspx. Under such circumstances, I want to show
him a welcome message with his username in Products.aspx without taking
him to Login.aspx since the cookie NETConnectCookie is a persistent
cookie but the user still gets redirected to Login.aspx. Why? This is
the code in Products.aspx:

<script runat="server">
Sub Page_Load(ByVal obj As Object, ByVal ea As EventArgs)
Response.Write("Welcome " &
Request.Cookies("NETConnectCookie")("UserName"))
End Sub
</script>

If I change the name of the cookie to, say, 'Details', in Login.aspx
i.e.

Response.Cookies("Details")("UserName") = txtUserName.Text

& make the corresponding change in Products.aspx, then after
successfully logging in Login.aspx, the user is taken to Products.aspx
which shows the message

Welcome bobby

But when the user closes this window, opens a new browser window &
navigates to Products.aspx, then, as expected, the user is not taken to
Login.aspx but Products.aspx generates this error:

Object reference not set to an instance of an object.

pointing to the Response.Write line in Products.aspx! When I open the
cookie from the Temporary Internet Files folder, this time the cookie
doesn't show the text 'UserName=bobby'! Why?

What's the difference between a normal cookie & a cookie created by the
FormsAuthentication object?

Sep 27 '06 #1
2 2690
storing in cookies etc is taken care by asp.net .
dont add it explicitly.
but if you want to make it persistent.
as u had said use another cookie with diff name to make it persistent
--
Y2KPRABU, MCP, INDIA
WEB APPS
"rn**@rediffmail.com" wrote:
A web.config file has the following code:

<configuration>
<system.web>
<authentication mode="Forms">
<forms name="NETConnectCookie" loginUrl="Login.aspx">
<credentials passwordFormat="SHA1"/>
</forms>
</authentication>
</system.web>

<location path=".">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>

Assuming that the local m/c does not have the cookie named
NETConnectCookie, the above code ensures that if a user tries to
navigate to any ASPX files in the directory that the above web.config
file exists in, then the user will be first redirected to Login.aspx.
Assume that the directory in which the above web.config file exists has
a ASPX file named Products.aspx.

When a user tries to navigate to Products.aspx without logging in,
web.config directs him to Login.aspx. Assume that a user with the
username bobby is a valid user (which I am validating against a SQL
Server 2005 DB table). This is how I tried it (this is the code in
Login.aspx which communicates with web.config when the user directly
tries to navigate to Products.aspx without logging in):

<script runat="server">
Sub LoginUser(ByVal obj As Object, ByVal ea As EventArgs)
..........
..........
'user has been validated; so take him to Products.aspx
FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Text,
True)
Response.Cookies("NETConnectCookie")("UserName") =
txtUserName.Text
End Sub
</script>

This does create the persistent cookie named NETConnectCookie which
when opened, also shows the text 'UserName=bobby' but the user doesn't
get redirected to Products.aspx though he has been logged in
successfully. In fact, the user remains at Login.aspx with the URL
getting appended by the querystring 'ReturnUrl=Products.aspx'. Why
isn't the user getting redirected to Products.aspx after successfully
logging in? Note that if I remove the Response.Cookies line in
Login.aspx, then the user gets redirected to Products.aspx after
logging in.

There's another problem. Next suppose the user closes the browser
window which he had used to log in. He opens a new browser window &
navigates to Products.aspx. Under such circumstances, I want to show
him a welcome message with his username in Products.aspx without taking
him to Login.aspx since the cookie NETConnectCookie is a persistent
cookie but the user still gets redirected to Login.aspx. Why? This is
the code in Products.aspx:

<script runat="server">
Sub Page_Load(ByVal obj As Object, ByVal ea As EventArgs)
Response.Write("Welcome " &
Request.Cookies("NETConnectCookie")("UserName"))
End Sub
</script>

If I change the name of the cookie to, say, 'Details', in Login.aspx
i.e.

Response.Cookies("Details")("UserName") = txtUserName.Text

& make the corresponding change in Products.aspx, then after
successfully logging in Login.aspx, the user is taken to Products.aspx
which shows the message

Welcome bobby

But when the user closes this window, opens a new browser window &
navigates to Products.aspx, then, as expected, the user is not taken to
Login.aspx but Products.aspx generates this error:

Object reference not set to an instance of an object.

pointing to the Response.Write line in Products.aspx! When I open the
cookie from the Temporary Internet Files folder, this time the cookie
doesn't show the text 'UserName=bobby'! Why?

What's the difference between a normal cookie & a cookie created by the
FormsAuthentication object?

Sep 27 '06 #2
I got your point but have encountered another problem. Keeping the
web.config file shown in post #1 as it is, I am adding the following
setting so that any user can access HomePage.aspx:

<location path="HomePage.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

Suppose a user comes to HomePage.aspx. From the home page, he tries to
navigate to another ASPX page, say, MyPage.aspx by clicking a link in
the home page. But the web.config file redirects the user to
Login.aspx. Assuming that the user has been validated successfully, he
is then directed to MyPage.aspx. Also assume that the username of the
user is bobby. When this user finally goes to MyPage.aspx, I want to
display a welcome message to him with his username i.e. MyPage.aspx
should display 'Welcome bobby'. To get the username in MyPage.aspx, I
am using the Name & Value properties of the HttpCookie object in
Login.aspx. This is the code in Login.aspx:

Sub LoginUser(obj As Object, ea As EventArgs)
'after successful login
Dim hCookie As HttpCookie

FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Text, True)
hCookie = FormsAuthentication.GetAuthCookie(txtUserName.Text , True)
hCookie.Name = "MyCookie"
hCookie.Value = txtUserName.Text
hCookie.Expires = DateTime.Now.AddMinutes(2)
Response.Cookies.Add(hCookie)
End Sub

This is the simple code in MyPage.aspx:

Sub Page_Load(ByVal obj As Object, ByVal ea As EventArgs)
lblMessage.Text = "Welcome " & Request.Cookies("MyCookie").Value
End Sub

When this user finally comes to MyPage.aspx, he is shown the message

Welcome bobby

Note that in Login.aspx, I have set the cookie to expire after 2
minutes which means that the user sees the welcome message along with
his username if he closes the browser he used to login & opens a new
browser within the next 2 minutes. But when I go to the Temporary
Internet Files folder & click the cookie, I find that the cookie has
been set to expire after 30 minutes though I have set it to expire
after 2 minutes. Why so?

What I found is if I get rid of the lines

hCookie.Name = "MyCookie"
hCookie.Value = txtUserName.Text

in Login.aspx, then the cookie gets set to expire after 2 minutes in
the Temporary Internet Files folder but if I get rid of these 2 lines
in Login.aspx, how do I retrieve the username of the user in
MyPage.aspx?

Also is there any way by which MyPage.aspx can access the first
parameter of the methods RedirectFromLoginPage & GetAuthCookie (which
is txtUserName.Text in this case)? If no, then what's the use of the
first parameter in the methods RedirectFromLoginPage & GetAuthCookie?
Y2KPRABU wrote:
storing in cookies etc is taken care by asp.net .
dont add it explicitly.
but if you want to make it persistent.
as u had said use another cookie with diff name to make it persistent
--
Y2KPRABU, MCP, INDIA
WEB APPS
"rn**@rediffmail.com" wrote:
A web.config file has the following code:

<configuration>
<system.web>
<authentication mode="Forms">
<forms name="NETConnectCookie" loginUrl="Login.aspx">
<credentials passwordFormat="SHA1"/>
</forms>
</authentication>
</system.web>

<location path=".">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>

Assuming that the local m/c does not have the cookie named
NETConnectCookie, the above code ensures that if a user tries to
navigate to any ASPX files in the directory that the above web.config
file exists in, then the user will be first redirected to Login.aspx.
Assume that the directory in which the above web.config file exists has
a ASPX file named Products.aspx.

When a user tries to navigate to Products.aspx without logging in,
web.config directs him to Login.aspx. Assume that a user with the
username bobby is a valid user (which I am validating against a SQL
Server 2005 DB table). This is how I tried it (this is the code in
Login.aspx which communicates with web.config when the user directly
tries to navigate to Products.aspx without logging in):

<script runat="server">
Sub LoginUser(ByVal obj As Object, ByVal ea As EventArgs)
..........
..........
'user has been validated; so take him to Products.aspx
FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Text,
True)
Response.Cookies("NETConnectCookie")("UserName") =
txtUserName.Text
End Sub
</script>

This does create the persistent cookie named NETConnectCookie which
when opened, also shows the text 'UserName=bobby' but the user doesn't
get redirected to Products.aspx though he has been logged in
successfully. In fact, the user remains at Login.aspx with the URL
getting appended by the querystring 'ReturnUrl=Products.aspx'. Why
isn't the user getting redirected to Products.aspx after successfully
logging in? Note that if I remove the Response.Cookies line in
Login.aspx, then the user gets redirected to Products.aspx after
logging in.

There's another problem. Next suppose the user closes the browser
window which he had used to log in. He opens a new browser window &
navigates to Products.aspx. Under such circumstances, I want to show
him a welcome message with his username in Products.aspx without taking
him to Login.aspx since the cookie NETConnectCookie is a persistent
cookie but the user still gets redirected to Login.aspx. Why? This is
the code in Products.aspx:

<script runat="server">
Sub Page_Load(ByVal obj As Object, ByVal ea As EventArgs)
Response.Write("Welcome " &
Request.Cookies("NETConnectCookie")("UserName"))
End Sub
</script>

If I change the name of the cookie to, say, 'Details', in Login.aspx
i.e.

Response.Cookies("Details")("UserName") = txtUserName.Text

& make the corresponding change in Products.aspx, then after
successfully logging in Login.aspx, the user is taken to Products.aspx
which shows the message

Welcome bobby

But when the user closes this window, opens a new browser window &
navigates to Products.aspx, then, as expected, the user is not taken to
Login.aspx but Products.aspx generates this error:

Object reference not set to an instance of an object.

pointing to the Response.Write line in Products.aspx! When I open the
cookie from the Temporary Internet Files folder, this time the cookie
doesn't show the text 'UserName=bobby'! Why?

What's the difference between a normal cookie & a cookie created by the
FormsAuthentication object?
Sep 29 '06 #3
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
2
4744
FormsAuthentication Cookie Q
by: George Durzi | last post by:
When you call FormsAuthentication.SignOut(), is the FormsAuthentication cookie supposed to be destroyed automatically? I'm creating my FormsAuthentication cookie by doing: HttpCookie oCookie =...
ASP.NET
2
2703
FormsAuthentication ticket persistence
by: StanD | last post by:
At the end of my login process I am generating my own Persistent FormsAuthentication ticket. I encode this and set a cookie value. I then use Response.Cookies.Add(cookie), and I continue the...
ASP.NET
4
1911
DESPERATE: FormsAuthentication Problem
by: Jeff B | last post by:
I am having a very perplexing problem with setting the user's roles. I have tried to figure this out for 2 days now. When the user logs in to the site, I retrieve the roles from the database and...
ASP.NET
2
1800
formsauthentication
by: Grant Merwitz | last post by:
Hi, i am using forms authentication in an ASP.NET project I am setting the Forms authentication cookie by using: FormsAuthentication.RedirectFromLoginPage(UserName.Text, false); Now when i...
ASP.NET
4
8297
FormsAuthentication.SignOut() not working when manually creatinga ticket?
by: Matthias S. | last post by:
Hi there, I've created an application which is using Forms-based authentification. My Login-Button event handler looks somewhat like this: // validate the input, etc... // sUserName holds now...
ASP.NET
1
1964
FormsAuthentication works as expected on a couple older websites, but not the same on a new website...
by: Dean R. Henderson | last post by:
I setup FormsAuthentication on a couple websites where it has been working as expected for a long time. I used this code to setup the same type of authentication on a new website I am working on...
ASP.NET
5
4819
using Session with FormsAuthentication
by: Åženol Akbulak | last post by:
Hello; I use in my web application FormsAuthentication. Also I use Session state (InProc). When a user logged in, I can read Session parameters. (For example Session). Problem is that, when...
ASP.NET
8
2626
ASP.NET 2.0 RTM breaks FormsAuthentication.SetAuthCookie cookie
by: Bill Henning | last post by:
Another developer and I have noticed that after upgrading to the ASP.NET 2.0 RTM release, when using: FormsAuthentication.SetAuthCookie(userName, true) That the cookie is no longer persisted,...
ASP.NET
3
7575
FormsAuthentication ReturnUrl - need it to be Absolute
by: Noremac | last post by:
My google skills must be dwindling. I am trying to determine how in ASP.NET 2.0 I can get the ReturnUrl querystring variable in Forms Authentication to contain the absolute url. Just like others...
ASP.NET
0
6904
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
7034
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
6886
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
5324
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
1
4768
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA
0
4472
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp
0
2990
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
1294
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
C# / C Sharp
1
558
muto222
php
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us