473,503 Members | 1,629 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

ASP.Net Forms Authentication - Storing Enrypted Ticket In HttpCookie

We followed an example found on MSDN to create an encrypted
FormsAuthenticationTicket and storing the ticket in a cookie. Is this the
"correct" way to store the authentication ticket? We are attempting to
create a web service from the web application and our goal is to have the
user login to the web application and then, using the same credentials
and/or authentication objects, access the web services to retrieve our data
from other internal servers. It's pretty difficult to find this information
on the web :)

What other options are there for storing a user's credentials and then
accessing them on every call to the page and have the web service use the
same credentials for it's security?

Thanks,
Mythran
Mar 7 '07 #1
2 1996
Does this help?

http://aspalliance.com/805_Soap_Head...n_Web_Services
Peter
"Mythran" <ki********@hotmail.comwrote in message
news:1E**********************************@microsof t.com...
We followed an example found on MSDN to create an encrypted
FormsAuthenticationTicket and storing the ticket in a cookie. Is this the
"correct" way to store the authentication ticket? We are attempting to
create a web service from the web application and our goal is to have the
user login to the web application and then, using the same credentials
and/or authentication objects, access the web services to retrieve our
data from other internal servers. It's pretty difficult to find this
information on the web :)

What other options are there for storing a user's credentials and then
accessing them on every call to the page and have the web service use the
same credentials for it's security?

Thanks,
Mythran


Mar 8 '07 #2


"Peter Bradley" <pb******@uwic.ac.ukwrote in message
news:#M**************@TK2MSFTNGP03.phx.gbl...
Does this help?

http://aspalliance.com/805_Soap_Head...n_Web_Services
Peter
"Mythran" <ki********@hotmail.comwrote in message
news:1E**********************************@microsof t.com...
>We followed an example found on MSDN to create an encrypted
FormsAuthenticationTicket and storing the ticket in a cookie. Is this
the "correct" way to store the authentication ticket? We are attempting
to create a web service from the web application and our goal is to have
the user login to the web application and then, using the same
credentials and/or authentication objects, access the web services to
retrieve our data from other internal servers. It's pretty difficult to
find this information on the web :)

What other options are there for storing a user's credentials and then
accessing them on every call to the page and have the web service use the
same credentials for it's security?

Thanks,
Mythran


Thanks for the link, reading it now and hope it helps us...

Now, for the 2nd paragraph in my OP...what options are there for storing the
user id and pwd across postbacks (same session) w/o using the session nor
database? Is storing the user name and password hash in an encrypted form
as a cookie on the user's machine a good idea? I don't feel very
safe/secure with store a users password (hashed or not) in any form anywhere
outside of a database, but sometimes you gotta do what you gotta do...any
suggestions for this?

Thanks,
Mythran
Mar 8 '07 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
1
6351
forms authentication ticket .userdata vanishing
by: e | last post by:
I'm using forms authentication on a site. When the user logs in via the login page, the entered creds are checked against AD, and if valid, an encrypted forms authentication ticket is produced and...
ASP.NET
3
1543
Forms authentications questions
by: john | last post by:
I have 2 questions: 1. I am trying to use forms authentication. When the user logs out, I make these function calls: Session.Abandon(); FormsAuthentication.SignOut(); But after they log out,...
ASP.NET
3
4729
Forms authentication - credential store
by: Martin | last post by:
Dear fellow ASP.NET programmer, I stared using forms authentication and temporarily used a <credentials> tag in web.config. After I got it working I realized this wasn't really practical. I...
ASP.NET
5
1761
Forms Login Page Not Login Out
by: Kenneth Keeley | last post by:
Hi, I have a web app that has forms authentication and I can login to the page the first time I go there but it never times me out if I come back in 24 hours a hit the refresh key the page loads...
ASP.NET
0
244
forms authentication
by: nicholas | last post by:
I'm using role based forms authetication with user-info in a database. I used this with a SQL database (sql 2000 server) and it worked 100%. Now, I want to use the same code, but with a database...
ASP.NET
0
1310
Problem with forms authentication roles
by: Sean Patterson | last post by:
Hey all, I've followed the examples online on how to use Forms Authentication to create a ticket, assign it a role, and then intercept it in the Global.asax file to make sure it gets sucked in...
ASP.NET
2
2720
Forms authentication cookies not expiring...
by: pv_kannan | last post by:
I recently found out that my authentication cookies are not expiring even though I have set the persist property to false. As a result, users are able to access the secure websites with indifferent...
ASP.NET
1
4679
Cookieless Forms Authentication and Roles
by: Mark Olbert | last post by:
I'm building an ASPNET2 website which uses forms authentication but does not use the Microsoft-supplied membership providers (mostly because I don't want to create my own provider at this point, and...
ASP.NET
10
5230
Forms Authentication in ASP.NET 2.0
by: Peter Bradley | last post by:
We are in the process of designing our first ASP.NET 2.0 application and have discovered that Forms Authentication works completely differently in ASP.NET 2.0. For a number of reasons, we cannot...
ASP.NET
0
7198
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
7072
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
7271
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
7319
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
7449
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
1
4998
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA
0
4666
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp
0
3160
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
1
730
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us