Re: Using forms authentication for the first time

From: Hernan de Lahitte (hernan_at_lagash.com)
Date: 08/02/04

  • Next message: jbothwel: "Re: Security Violation in my Web Service" 
    Date: Mon, 2 Aug 2004 18:56:25 -0300

    You should create the ticket by your self. Here is a sample code:

    Place this code instead of "FormsAuthentication.RedirectFromLoginPage(
    UserId.Text, false )"

    HttpCookie cookie = FormsAuthentication.GetAuthCookie( UserId.Text, false );
    FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(
    cookie.Value );
    // Store roles inside the Forms cookie.
    FormsAuthenticationTicket newticket = new FormsAuthenticationTicket(
    ticket.Version,

    ticket.Name,

    ticket.IssueDate,

    ticket.Expiration,

    ticket.IsPersistent,

    userData,

    ticket.CookiePath );
    cookie.Value = FormsAuthentication.Encrypt(newticket);
    Response.Cookies.Set(cookie);
    Response.Redirect( FormsAuthentication.GetRedirectUrl( newticket.Name,
    newticket.IsPersistent ) );

    In case you don't have any userData (some string data up to 1200 bytes
    aprox) to store inside the ticket, you might use this
    FormsAuthenticationTicket overload:

    FormsAuthenticationTicket newticket2 = new FormsAuthenticationTicket(
    ticket.Name, ticket.IsPersistent, ticket.Expiration.Subtract(
    ticket.IssueDate ).Minutes );

    Hope this help. 

    -- 
Hernan de Lahitte
Lagash Systems S.A.
http://weblogs.asp.net/hernandl
This posting is provided "AS IS" with no warranties, and confers no rights.
"William Gower" <w_gower@hotmail.com> wrote in message
news:%233We1zLeEHA.3664@TK2MSFTNGP12.phx.gbl...
> I have set up my web config file to use Forms Authentication.  In my login
> page after I validate my user, I want to store the id but I don't want to
> call the RedirectFromLoginPage.  I want to redirect the page myself.  How
do
> I store the id without calling RedirectFromLoginPage?
>
>
  • Next message: jbothwel: "Re: Security Violation in my Web Service"

    Relevant Pages

    • Re: Cant persist the cookie
      ... HTH, ... > ticket is an instance of FormsAuthenticationTicket; ... > HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: How do I update FormsAuthenticationTicker.userdata after ticket created?
      ... Recreating the ticket is the way to go. ... > HttpCookie cookie = FormsAuthentication.GetAuthCookie(UserId.Text, ... > FormsAuthenticationTicket newticket = new FormsAuthenticationTicket( ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Cant persist the cookie
      ... ticket is an instance of FormsAuthenticationTicket; ... HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, ... I added the 2 lines to set cookie expiration after seeing that in an article ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • FormsAuthentication und schlaflose Nächte
      ... FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( ... string sEncTicket = FormsAuthentication.Encrypt; ... Die Rolle im Ticket aufzubewahren scheint mir das Naheliegenste zu sein. ... Auf der Logon Seite finde ich ...
      (microsoft.public.de.german.entwickler.dotnet.asp)
    • Re: Forms Authentication in ASP.NET 2.0
      ... FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( ... // Encrypt the cookie using the machine key for secure transport ... That's pretty much all you need for the Forms Authentication without using ...
      (microsoft.public.dotnet.framework.aspnet)