By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
449,402 Members | 1,262 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 449,402 IT Pros & Developers. It's quick & easy.

ASP.Net Forms Authentication - Storing Enrypted Ticket In HttpCookie

P: n/a
We followed an example found on MSDN to create an encrypted
FormsAuthenticationTicket and storing the ticket in a cookie. Is this the
"correct" way to store the authentication ticket? We are attempting to
create a web service from the web application and our goal is to have the
user login to the web application and then, using the same credentials
and/or authentication objects, access the web services to retrieve our data
from other internal servers. It's pretty difficult to find this information
on the web :)

What other options are there for storing a user's credentials and then
accessing them on every call to the page and have the web service use the
same credentials for it's security?

Thanks,
Mythran
Mar 7 '07 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Does this help?

http://aspalliance.com/805_Soap_Head...n_Web_Services
Peter
"Mythran" <ki********@hotmail.comwrote in message
news:1E**********************************@microsof t.com...
We followed an example found on MSDN to create an encrypted
FormsAuthenticationTicket and storing the ticket in a cookie. Is this the
"correct" way to store the authentication ticket? We are attempting to
create a web service from the web application and our goal is to have the
user login to the web application and then, using the same credentials
and/or authentication objects, access the web services to retrieve our
data from other internal servers. It's pretty difficult to find this
information on the web :)

What other options are there for storing a user's credentials and then
accessing them on every call to the page and have the web service use the
same credentials for it's security?

Thanks,
Mythran


Mar 8 '07 #2

P: n/a


"Peter Bradley" <pb******@uwic.ac.ukwrote in message
news:#M**************@TK2MSFTNGP03.phx.gbl...
Does this help?

http://aspalliance.com/805_Soap_Head...n_Web_Services
Peter
"Mythran" <ki********@hotmail.comwrote in message
news:1E**********************************@microsof t.com...
>We followed an example found on MSDN to create an encrypted
FormsAuthenticationTicket and storing the ticket in a cookie. Is this
the "correct" way to store the authentication ticket? We are attempting
to create a web service from the web application and our goal is to have
the user login to the web application and then, using the same
credentials and/or authentication objects, access the web services to
retrieve our data from other internal servers. It's pretty difficult to
find this information on the web :)

What other options are there for storing a user's credentials and then
accessing them on every call to the page and have the web service use the
same credentials for it's security?

Thanks,
Mythran


Thanks for the link, reading it now and hope it helps us...

Now, for the 2nd paragraph in my OP...what options are there for storing the
user id and pwd across postbacks (same session) w/o using the session nor
database? Is storing the user name and password hash in an encrypted form
as a cookie on the user's machine a good idea? I don't feel very
safe/secure with store a users password (hashed or not) in any form anywhere
outside of a database, but sometimes you gotta do what you gotta do...any
suggestions for this?

Thanks,
Mythran
Mar 8 '07 #3

This discussion thread is closed

Replies have been disabled for this discussion.