Re: Forms Security

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 06/23/05


Date: Thu, 23 Jun 2005 06:18:52 -0700

Hello MATT,

Look at that code - http://www.leastprivilege.com/PermaLink.aspx?guid=b0e51388-71d1-4a6f-98d0-bc8cfbec4c3a

The decryption is done by the FormsAuthenticationModule and is transparent
to your application.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Sorry, here it is.
>
> [code]
> FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
>     selectCMD.Parameters["@output"].Value.ToString(), false, 10);
> //Encrypt the ticket
> string eT = FormsAuthentication.Encrypt(authTicket);
> //Create a Cookie and store the data
> HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, eT);
> DateTime dt = DateTime.Now;
> authCookie.Expires = dt.AddHours(1);
> Response.Cookies.Add(authCookie);
> //Redirect to Originally Requested Page
> Label2.Text = FormsAuthentication.GetRedirectUrl(
>     selectCMD.Parameters["@output"].Value.ToString(), false);
> Response.Redirect(FormsAuthentication.GetRedirectUrl(
>     selectCMD.Parameters["@output"].Value.ToString(), false));
> [/code]
> I guess I don't understand the forms security model, but if there is a
> ticket encrypt method, I assume that there needs to be a
> ticket.decrypt method call happening somewhere.
>
> But then that may be bad thinking on my part!
>
> Matt
>
> "Dominick Baier [DevelopMentor]"
> <dbaier@pleasepleasenospamdevelop.com> wrote in message
> news:509256632550731384720833@news.microsoft.com...
>
>> Hello MATT,
>>
>> can you post the code, where you set the Auth Cookie?
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
> >>> Hi, I have the MSDN forms security example in my .net code, tweaked
> >>> to suit my application.
> >>>
> >>> When I log in, and step through my code, I see everything get
> >>> created correctly, and if I look in the cookies folder, the cookie
> >>> myname@localhost gets created.
> >>>
> >>> But the page then redirects, and the security doesn't see the cookie
> >>> and so I end up back at the login page.
> >>> What have I missed?
> >>> I assume that the .net framework handles the rest, so it looks to me
> >>> that it is not finding the correct cookie name in the web.config file.
> >>> The only thing I have done is encrypted the ticket, so I can see I
> >>> may need to add in a function somewhere to decrypt it and check it?
> >>> Any advice / help gratefully received, as I'm going round and round
> >>> in circles
>>>