Re: Form Authentication Ticket
From: Brock Allen (ballen_at_NOSPAMdevelop.com)
Date: 04/11/05
- Previous message: Brock Allen: "Re: Form Authentication with SSL"
- In reply to: wrytat: "Form Authentication Ticket"
- Next in thread: wrytat: "Re: Form Authentication Ticket"
- Reply: wrytat: "Re: Form Authentication Ticket"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 11 Apr 2005 08:04:41 -0700
The auth ticket is in essence the user's name encrypted in the cookie. This
is how ASP.NET knows who the user is when the browser makes requests into
your app. For simplicity, I'd suggest not messing with it. The only time
you'd want to do something with the Ticket/Cookie is if you wanted to put
other sensitive data into a cookie so the browser passes it back every time.
Usually since it's putting the username then all other sensitive data can
be fetched from the database on the server, meaning there's no need to put
anything else into the cookie.
-Brock
DevelopMentor
http://staff.develop.com/ballen
> I've read some books and online articles on how to implement form
> authentication. Some taught me just to do
> FormsAuthentication.RedirectFromLoginPage(username.Value, false) after
> the user is validated. While others include more steps, like
> generating authentication ticket, encrypt it, create a cookie, and add
> it to the response, before redirecting the user. Both way should work,
> but why do I need to generate an authentication ticket, when it still
> works if I don't generate one?
>
> What's an authentication ticket for? Why do I need it?
>
> Thank you.
>
- Previous message: Brock Allen: "Re: Form Authentication with SSL"
- In reply to: wrytat: "Form Authentication Ticket"
- Next in thread: wrytat: "Re: Form Authentication Ticket"
- Reply: wrytat: "Re: Form Authentication Ticket"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
