Problem with Forms Authentication

From: David C. Taylor (dtaylor_at_harc.edu)
Date: 08/11/03


Date: Mon, 11 Aug 2003 10:37:40 -0700


I have an application using FormsAuthentication that does
not persist the authentication cookie beyond the session
so each time a user starts a session they must go through
the login page. On this login page I set a couple of
session variables while I am making the database trip for
authentication. This all works fine without any problems.

Now, I have the requirement to provide an option for a
user to 'Remember Me' using a checkbox and persisting the
cookie. The result is that users that take this option
will bypass the login page and the setting of the
necessary session variables. I decided to write the data
to the cookie as the FormsAuthenticationTicket.UserData
property and then retrieve it. I am using the MSDN
documentation for that property and the example shows how
to retrieve that value using this code in VB.Net:

Dim id As FormsIdentity = CType(User.Identity, FormsIdentity)
Dim ticket As FormsAuthenticationTicket = id.Ticket
userData.Text = ticket.UserData

However, when I run this code I get an Invalid Cast
Exception on the first line.

I need to know how to make this type conversion work, why
it is not working, or just a workaround for this issue.

Thanks for any help,

David C. Taylor, MCP
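
The approach described in the post above, as an added example that is not part of the original post or the MSDN sample: issuing a ticket that carries UserData, and reading it back with a type check in place of an unguarded cast. The module name, method names and cookie lifetimes are assumptions chosen for illustration.

```vbnet
Imports System
Imports System.Web
Imports System.Web.Security

' Hypothetical helper module; its names are assumptions, not from the post.
Public Module TicketUserDataHelper

    ' Login page: call only after the credentials were verified against the database.
    Public Sub IssueTicket(ByVal ctx As HttpContext, ByVal userName As String, _
                           ByVal userData As String, ByVal rememberMe As Boolean)
        ' Constructed lifetimes: 30 minutes by default, 14 days for "Remember Me".
        Dim expires As DateTime = DateTime.Now.AddMinutes(30)
        If rememberMe Then expires = DateTime.Now.AddDays(14)

        Dim ticket As New FormsAuthenticationTicket(1, userName, DateTime.Now, _
                                                    expires, rememberMe, userData)

        ' Encrypt protects the ticket as configured on the <forms> element.
        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, _
                                     FormsAuthentication.Encrypt(ticket))
        cookie.Path = FormsAuthentication.FormsCookiePath
        ' Without an expiry the browser drops the cookie when the session ends.
        If rememberMe Then cookie.Expires = ticket.Expiration
        ctx.Response.Cookies.Add(cookie)
    End Sub

    ' Any page: returns Nothing instead of throwing InvalidCastException when
    ' the current identity is not a FormsIdentity.
    Public Function ReadUserData(ByVal ctx As HttpContext) As String
        If ctx.User Is Nothing OrElse Not ctx.User.Identity.IsAuthenticated Then
            Return Nothing
        End If
        If Not TypeOf ctx.User.Identity Is FormsIdentity Then
            ' For example a WindowsIdentity or GenericIdentity.
            Return Nothing
        End If
        Dim id As FormsIdentity = DirectCast(ctx.User.Identity, FormsIdentity)
        Return id.Ticket.UserData
    End Function

End Module
```

UserData is sent by the browser on every request, so keep it small and limited to the values needed to rebuild the session variables.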


