Cookie not persisted w/o call to GetRedirectUrl()

From: Jim Foye (jimfoye2_at_hotmail.com)
Date: 01/27/05

    Date: Wed, 26 Jan 2005 21:24:52 -0600
    
    

    I am using forms authentication. I do not have default.aspx nor do I want
    one as I am using multiple roles and I want to redirect the user after
    logging in based on his role. Here's the pertinent section from web.config:

    <authentication mode="Forms">
        <forms name="MMAuth"
          loginUrl="/forms/cl_signin.aspx"
          protection="All"
          timeout="60"
          path="/">
        </forms>
    </authentication>
    <authorization>
        <deny users="?" />
        <allow users="*" />
    </authorization>

    The below code is not my real code, but is an example I lifted from a
    website, and it should serve to pretty well illustrate my problem. I put
    it into my source and compiled and debugged it. Email is a textbox with the
    user's email which serves as his user name, and let's say I've already
    validated him.

    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1,                        // ticket version
        Email.Text,               // user name
        DateTime.Now,             // issue date
        DateTime.Now.AddHours(3), // or anything else, it doesn't matter
        true,                     // isPersistent
        "client");                // user data (the role)
    string encryptedTicket = FormsAuthentication.Encrypt(ticket);
    HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
    cookie.Expires = ticket.Expiration; // or anything else, it doesn't matter
    Response.Cookies.Add(cookie);
    Response.Redirect(FormsAuthentication.GetRedirectUrl(Email.Text, true));

    This will persist the cookie, but I can't use this code, because
    GetRedirectUrl() is a bit stubborn and only wants to take me to
    default.aspx. According to ASP.NET Cookbook by O'Reilly, no problem, I just
    call Response.Redirect() with the page I want to go to. That will persist
    the cookie. But it doesn't.

    I find it very strange that I have to

    1) Set an expiration on the ticket
    2) Tell the ticket that it is persistent
    3) Set the expiration for the cookie that contains the ticket

    and still the cookie does not persist. It seems to come back from the
    browser for the current session, but it won't persist. It will only persist
    if I

    4) call GetRedirectUrl() with the 2nd parameter set to true to let it know
    that the cookie (whose expiration I have set) which contains the ticket
    (whose expiration AND persistence flag I have set) should in fact be
    persisted on the client.

    Calling GetRedirectUrl() and tossing the return value and going on my merry
    way with Response.Redirect(), while looking very funky, would be acceptable
    at this point, but that does not work, I have to call it exactly as you see
    above.

    This is a strange API, even by Microsoft standards.

    Please help.

    Jim
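
A check for the symptom described in the post, as an added example that is not part of the original message: given the Set-Cookie headers captured from the login response, it reports whether the browser ends up with a persistent or a session-only `MMAuth` cookie. The header values and ticket payloads are constructed, and treating same-named cookies as one cookie assumes they all share the `path="/"` from the web.config above.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, attrs); attribute names lower-cased."""
    first, *rest = [p.strip() for p in header_value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def final_cookie_state(set_cookie_headers, cookie_name, now):
    """Return 'absent', 'session', 'persistent' or 'deleted' for cookie_name.

    Headers are applied in order, as a browser does, so a later Set-Cookie
    with the same name replaces an earlier one (same path assumed).
    """
    state = "absent"
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if name != cookie_name:
            continue
        if "expires" not in attrs:
            state = "session"  # no Expires: dropped when the browser closes
            continue
        # Some servers write the date with dashes ("27-Jan-2005"); normalise.
        expires = parsedate_to_datetime(attrs["expires"].replace("-", " "))
        state = "persistent" if expires > now else "deleted"
    return state

# Constructed sample data: the login response as seen at this moment (UTC).
NOW = datetime(2005, 1, 27, 3, 24, 52, tzinfo=timezone.utc)
PERSISTENT_ONLY = ["MMAuth=0123ABCD; expires=Thu, 27-Jan-2005 06:24:52 GMT; path=/"]
OVERWRITTEN = PERSISTENT_ONLY + ["MMAuth=4567EF01; path=/"]  # second header wins
EXPIRED = ["MMAuth=; expires=Tue, 12-Oct-1999 00:00:00 GMT; path=/"]

if __name__ == "__main__":
    for label, headers in [("persistent only", PERSISTENT_ONLY),
                           ("overwritten", OVERWRITTEN),
                           ("expired", EXPIRED)]:
        print(label, "->", final_cookie_state(headers, "MMAuth", NOW))
```
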

