Roles and Forms Authentication problems

From: wrecker (wrecker_at_wrecked.com)
Date: 08/24/05


Date: Wed, 24 Aug 2005 15:10:03 -0400

Hello all,

I have been struggling with getting role-based security working with forms authentication. There
are two things happening/not happening in my code that for the life of me I cannot figure out.

The first is that when I create my authentication ticket containing my roles and add the cookie, the
cookie will not add if I use

Dim cookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, hash)
HttpContext.Current.Response.Cookies.Add(cookie)

However, if I hardcode the name of the cookie then the cookie will add

Dim cookie As HttpCookie = New HttpCookie("MY.AUTH", hash)
HttpContext.Current.Response.Cookies.Add(cookie)

When I examine FormsAuthentication.FormsCookieName in the debugger it does indeed show the proper
value for the cookie name from the web.config. What is going on?

Second, in the global.asax Application_AuthenticateRequest() when I try to retrieve the role
information that I have stored in the cookie, the ticket is filled in with all the appropriate
information that I'd set upon login (like name, expiration etc.) but the ticket.UserData is blank!

        ' GenericPrincipal requires Imports System.Security.Principal
        If Not (HttpContext.Current.User Is Nothing) Then
            If HttpContext.Current.User.Identity.IsAuthenticated Then
                If TypeOf HttpContext.Current.User.Identity Is System.Web.Security.FormsIdentity Then

                    ' The forms-auth module has already decrypted the cookie into this ticket
                    Dim id As System.Web.Security.FormsIdentity
                    id = CType(HttpContext.Current.User.Identity, System.Web.Security.FormsIdentity)
                    Dim ticket As System.Web.Security.FormsAuthenticationTicket
                    ticket = id.Ticket

                    ' UserData is expected to hold the comma-separated role list set at login
                    Dim userData As String = ticket.UserData
                    Dim roles() As String = userData.Split(","c)
                    HttpContext.Current.User = New GenericPrincipal(id, roles)
                End If
            End If
        End If

Both of these problems are very strange and I have not been able to find a resolution for either of
them. I wrote a small test application separate from the main application and I'm not seeing the
problems that I am here. Could it be related to how the application is set up? The root directory
contains the web.config and the global.asax. The login page resides in a secure folder under root.
The code that authenticates the user, creates the ticket and adds the cookie resides in
a module of common functions in a folder called common.

/root
/root/web.config
/root/global.asax

/root/secure/login.aspx

/root/common/common.vb

This folder structure (which I inherited from a previous developer) is the only thing different between
my test application and my main application.

Can someone help me solve this very strange problem?

Thanks

Ren
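
For the login-side code the post describes but does not show, here is an added example (not the poster's code) that issues a single role-carrying ticket and reads it back. The module and function names are hypothetical, and it assumes .NET 2.0 or later (for HttpCookie.HttpOnly) and a 30-minute ticket lifetime.

```vb
Imports System
Imports System.Web
Imports System.Web.Security

' Added example: hypothetical helper module, not code from the post.
Public Module RoleTicket

    ' Issue one forms-auth cookie whose encrypted ticket carries the roles in UserData.
    Public Sub SignIn(ByVal userName As String, ByVal roles() As String, ByVal persistent As Boolean)
        Dim ticket As New FormsAuthenticationTicket( _
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30), _
            persistent, String.Join(",", roles), FormsAuthentication.FormsCookiePath)

        ' Encrypt() applies the <forms protection="..."> setting; with protection="All"
        ' the ticket is encrypted and MAC'd, so a client cannot edit the role list.
        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, _
                                     FormsAuthentication.Encrypt(ticket))
        cookie.Path = FormsAuthentication.FormsCookiePath
        cookie.Secure = FormsAuthentication.RequireSSL
        cookie.HttpOnly = True
        If persistent Then cookie.Expires = ticket.Expiration

        Dim response As HttpResponse = HttpContext.Current.Response
        response.Cookies.Add(cookie)

        ' Do not call SetAuthCookie or RedirectFromLoginPage after this: both write
        ' their own cookie under FormsCookieName, built from a ticket with empty UserData.
        response.Redirect(FormsAuthentication.GetRedirectUrl(userName, persistent))
    End Sub

    ' Recover the roles from the cookie; returns an empty array if the ticket is
    ' missing, expired, or fails decryption/validation.
    Public Function ReadRoles(ByVal request As HttpRequest) As String()
        Dim cookie As HttpCookie = request.Cookies(FormsAuthentication.FormsCookieName)
        If cookie Is Nothing OrElse cookie.Value = "" Then Return New String() {}
        Try
            Dim ticket As FormsAuthenticationTicket = FormsAuthentication.Decrypt(cookie.Value)
            If ticket Is Nothing OrElse ticket.Expired OrElse ticket.UserData = "" Then
                Return New String() {}
            End If
            Return ticket.UserData.Split(","c)
        Catch ex As Exception ' tampered or undecryptable value
            Return New String() {}
        End Try
    End Function
End Module
```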


