Re: FormsAuthentication Class Question
From: Joe Reazor (joenospam_at_belgor.com)
Date: 05/28/04
- Next message: Jonathan Wax: "upload xml file to http with certificate?"
- Previous message: jzhu: "RE: Getting a list of roles"
- In reply to: Joe Reazor: "Re: FormsAuthentication Class Question"
- Next in thread: [MSFT]: "Re: FormsAuthentication Class Question"
- Reply: [MSFT]: "Re: FormsAuthentication Class Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 28 May 2004 16:40:04 -0400
This is getting frustrating. In trying to implement a custom
encryptor/decryptor using RijndaelManaged class I found out that I can't
directly encrypt a FormsAuthenticationTicket when I am outside of a webforms
application. The stack trace yielded the same issue I saw before where the
call to FormsAuthentication.Initialize that happens somewhere in the .net
runtime fails, I'm guessing because I'm outside of a forms app. Its
annyoing though because I just want to use the ticket and its data. I guess
I can ignore trying to return a ticket from my custom class and just provide
access to the ticket's data that is stored in the encrpyted cookie.
In just thinking about it some more. I probably could just as easy go back
to using standard FormsAuthentication encryption of my ticket, let my custom
httpmodule use that for the begin authentication event to confirm the user
is authenticated and on the login page I just add some extra code to encrypt
just my username field as a separate cookie. Then I can access this in a
custom class that is called through interop by my asp page and return it the
username. Then on the asp side I can write my code to use that username to
get user data from my SQL tables.
Does that seem to make more sense?
==============
Joe Reazor
Gorbel Inc.
email: joerea=AT=gorbel=DOT=com
"Joe Reazor" <joenospam@belgor.com> wrote in message
news:OZDcQKOREHA.2404@TK2MSFTNGP09.phx.gbl...
> Thanks Luke, I was afraid that was going to be the answer. The thing that
I
> am getting stuck on now is that if I don't use FormAuthentication.Encrypt
> and instead do the encrypt myself, I'm not sure what this Encrypt method
> does? You pass it an authentication ticket and it returns an encrypted
> version. How exactly do I reproduce that but with my own class?
>
>
> ==============
> Joe Reazor
> Gorbel Inc.
> email: joerea=AT=gorbel=DOT=com
>
>
> "[MSFT]" <lukezhan@online.microsoft.com> wrote in message
> news:0tbpYF5QEHA.304@cpmsftngxa10.phx.gbl...
> > Hi Joe,
> >
> > I think you have to create customized encryption/decryption under this
> > situation. For example, with CryptoStream in .NET. You may take a look
at
> > this article for this:
> >
> > Encrypting Data
> >
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/htm
> > l/cpconencryptingdata.asp
> >
> > Luke
> > Microsoft Online Support
> >
> > Get Secure! www.microsoft.com/security
> > (This posting is provided "AS IS", with no warranties, and confers no
> > rights.)
> >
>
>
- Next message: Jonathan Wax: "upload xml file to http with certificate?"
- Previous message: jzhu: "RE: Getting a list of roles"
- In reply to: Joe Reazor: "Re: FormsAuthentication Class Question"
- Next in thread: [MSFT]: "Re: FormsAuthentication Class Question"
- Reply: [MSFT]: "Re: FormsAuthentication Class Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
