FormsAuthentication problem with HttpWebRequest

From: David Adams (mel1daa@hotmail.com)
Date: 01/28/03 

From: "David Adams" <mel1daa@hotmail.com>
Date: Mon, 27 Jan 2003 23:01:35 -0600

Hi All,

I'm having a problem getting an ASP.NET Forms Authentication application to
work properly. I am following the IBuySpy portal security logic and using
role-based security. I have a windows app that will run and execute a page
from my application. This app I would like to automatically 1) login with
specified credentials and attain an administration role using
HttpWebRequest/HttpWebResponse, and 2) once acquiring these credentials, be
able to execute another page, which is protected in my web.config to allow
only roles of Administration.

The problem is that apparently once you set the
FormsAuthentication.SetAuthCookie, you must postback or redirect for the
global.asax Application_AuthenticateRequest to assign a new generic
principal object - I can't seem to "SetAuthCookie" and apply it to the
WebRequest Cookie collection. I am trying to do this all at once but my
asp.net app that I wish to execute does not pick up these credentials
(redirects back to login).

Here is the code: (Windows app)

// set the authentication cookie
FormsAuthentication.SetAuthCookie("dave@njs.com",false);

webRequest = (HttpWebRequest)WebRequest.Create(url);
webRequest.CookieContainer = new CookieContainer();
webRequest.CookieContainer.Add(new
Cookie("Roles","Admin","/",www.mysite.com"));
webRequest.CookieContainer.Add(new
Cookie(FormsAuthentication.FormsCookieName,Response.Cookies[FormsAuthenticat
ion.FormsCookieName].Value,"/",www.mysite.com"));

ds.WriteXml(sWriter,XmlWriteMode.WriteSchema);
byte[] xmlBuffer =
System.Text.Encoding.GetEncoding(1252).GetBytes(sWriter.ToString());

webRequest.Method="POST";
webRequest.ContentType = "text/xml";
webRequest.ContentLength=xmlBuffer.Length;
sm = webRequest.GetRequestStream();
sm.Write(xmlBuffer,0,xmlBuffer.Length);

webResponse=(HttpWebResponse)webRequest.GetResponse();
if (webResponse.StatusCode== HttpStatusCode.OK)
{
sring pageContent=smReader.ReadToEnd();
smReader.Close();
webResponse.Close();
}

GLOBAL.ASAX (from Web App)
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
// create a user role
if (Request.IsAuthenticated == true &&
Context.Request.Cookies["Roles"].Value != null &&
Context.Request.Cookies["Roles"].Value != "")
{
//this is a global routine on
ArrayList userRoles = new ArrayList();
foreach (String role in Context.Request.Cookies["Roles"].Value.Split( new
char[] {'*'} ))
{
userRoles.Add(role);
}
string[] roles = (String[]) userRoles.ToArray(typeof(String));
Context.User = new GenericPrincipal(Context.User.Identity, roles);
}
}

--------------------------

Thanks for your help!!

Dave

Relevant Pages

  • Web Services Authentication
    ... I have a windows app that I am writting for some field reps. ... download and upload specific information to a web service, ... sort of authentication to access or upload the data. ... The users are not logged in to a domain so no authentication token is ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: Web Services Authentication
    ... Your best bet for implementing non-windows authentication is to use the WSE ... > I have a windows app that I am writting for some field reps. ... > some sort of authentication to access or upload the data. ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: Windows Form Application Authentication in .NET 2.0
    ... If the user runs your Windows app in a network domain with Active Directory, ... I am trying to implement ActiveDirectory Authentication for Windows ...
    (microsoft.public.dotnet.framework)
  • Offline / online variable sharing
    ... an ASP.NET web app. ... Internet is available when the Windows app looks for the value. ... look up a cookie from a Windows app or is there a more appropriate solution? ... Prev by Date: ...
    (microsoft.public.dotnet.languages.csharp)