Re: forms authentication question

From: Hernan de Lahitte (hernan_at_lagash.com)
Date: 11/29/04

Next message: Scott M.: "Re: Can't import .OCX assembly into Web Matrix Project."
Previous message: Daniel Jin: "forms authentication cookie not timeout"
In reply to: z. f.: "forms authentication question"
Next in thread: z. f.: "Re: forms authentication question"
Reply: z. f.: "Re: forms authentication question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 29 Nov 2004 12:09:27 -0300

You may use a "safer" approach for building Forms cookies from this sample :
http://weblogs.asp.net/hernandl/archive/2004/08/05/FormsAuthRoles2.aspx

Notice the first line:

  // Get the cookie created by the FormsAuthentication API
  // Notice that this cookie will have all the attributes according to
  // the ones in the config file setting.
  HttpCookie cookie = FormsAuthentication.GetAuthCookie( userId, false );

And the cookie updating code:

// Update the outgoing cookies collection.
Context.Response.Cookies.Set(cookie);

-- 
Hernan de Lahitte
http://weblogs.asp.net/hernandl
"z. f." <zigi@info-scopeREMSPAM.co.il> escribi? en el mensaje 
news:ehuCXWS1EHA.132@tk2msftngp13.phx.gbl...
Hi,
i use Forms authentication in my vb.net asp web  application
on the login page i set the authentication cookie, and i can see the cookie
is there.
on the Global_AuthenticateRequest
i get the IsNothing(HttpContext.Current.User) = true
why the framework don't recognise my cookie?
the code to put the cookie is:
FormsAuthentication.Initialize()
Dim ticket As FormsAuthenticationTicket = New FormsAuthenticationTicket( _
1, userId, _
DateTime.Now, DateTime.Now.AddMinutes(Session.Timeout), _
False, roles)
Dim hash As String = FormsAuthentication.Encrypt(ticket)
Dim cookie As HttpCookie = New
HttpCookie(FormsAuthentication.FormsCookieName, hash)
' Add the cookie to the list for outgoing response
Page.Response.Cookies.Add(cookie)

Next message: Scott M.: "Re: Can't import .OCX assembly into Web Matrix Project."
Previous message: Daniel Jin: "forms authentication cookie not timeout"
In reply to: z. f.: "forms authentication question"
Next in thread: z. f.: "Re: forms authentication question"
Reply: z. f.: "Re: forms authentication question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Ticket disappears when browser is closed
... be careful - if the cookie is save to the users harddrive - anyone who has access to that directory can grab the cookie and bypass authentication. ... Dim New DatabaseUser ... Dim userData As String = DatabaseUser.UserData ... ByVal PersonID As Integer, ByVal roles As String) ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: DESPERATE: FormsAuthentication Problem
... > them in the forms authentication cookie. ... > ' Get ";" delimited string of the user's roles from the database ... > Dim authTicket As FormsAuthenticationTicket = New ...
(microsoft.public.dotnet.framework.aspnet)
DESPERATE: FormsAuthentication Problem
... them in the forms authentication cookie. ... from the forms authentication cookie, create a new FormsIdentity object, ... ' Get ";" delimited string of the user's roles from the database ... Dim authTicket As FormsAuthenticationTicket = New ...
(microsoft.public.dotnet.framework.aspnet)
DESPERATE: FormsAuthentication Problem
... them in the forms authentication cookie. ... from the forms authentication cookie, create a new FormsIdentity object, ... ' Get ";" delimited string of the user's roles from the database ... Dim authTicket As FormsAuthenticationTicket = New ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Handle Session Timeout And Lost MemberID
... You might want to create a temporary cookie on the users machine, ... > their MemberID in a global variable in the global.asa file. ... > Dim strFirstName ... > Do other people use cookies to store the memberID instead of a session ...
(microsoft.public.inetserver.asp.general)