strange Formsauthentication behavior

hi all,

in formsauthentication, the global.asax event
Application_Authenticationrequest() event should run once before the page
httphandler runs, correct?
because the global.asax inherites the HttpModule class, but I am see some
odd behabivor when using formsauthentication in 2.0.

on the same level as the login.aspx page, I have a folder called Admin with
some aspx pages inside. the pages that are on the same level as the login
page seems to work find - the Application_Authenticationrequest() run once
before the page_load, but when accssing the page inside of the Admin
folder, the Application_Authenticationrequest() is fired twice after the
page_load event. am I missing something here?


Kevin

here's the code for login:

protected void btnLogin_Click(object sender, EventArgs e)

{

if (IsAuthenticated(this.txtUserName.Text.Trim(),
this.txtPassword.Text.Trim()))

{

// Create the authentication ticket

FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, //
version

this.txtUserName.Text.Trim(),// user name

DateTime.Now, // creation

DateTime.Now.AddMinutes(60),// Expiration

false, // Persistent

string.Empty); // User data



// Now encrypt the ticket.

string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

// Create a cookie and add the encrypted ticket to the

// cookie as data.

HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
encryptedTicket);

// Add the cookie to the outgoing cookies collection.

Response.Cookies.Add(authCookie);

// Redirect the user to the originally requested page

FormsAuthentication.RedirectFromLoginPage(this.txtUserName.Text, false);

}

else

{

this.lblMsg.Text = "Login failed.";

}

}



and the code in the

void Application_AuthenticateRequest(Object sender, EventArgs e)

{

// Extract the forms authentication cookie

string cookieName = FormsAuthentication.FormsCookieName;

HttpCookie authCookie = Context.Request.Cookies[cookieName];

if (null == authCookie)

{

// There is no authentication cookie.

return;

}

string userName = HttpContext.Current.User.Identity.Name;

if (userName != null && userName != string.Empty)

{

//custom user object that implements IPrincipla interface

UserContext user = UserData.GetUserByUserName(userName);

HttpContext.Current.User = user;

}

}


.

Relevant Pages

  • FormsAuthentication and Redirection fails
    ... authentication code does not seem to be behaving as expected. ... FormsAuthentication framework is bouncing the page straight back. ... public static string Authenticate ... HttpCookie _cookie = new HttpCookie(FormsAuthentication.FormsCookieName, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Changing windows passwords remotely
    ... Find great Windows Forms articles in Windows Forms Tips and Tricks ... > //Create the ticket, and add the groups. ... > String encryptedTicket = FormsAuthentication.Encrypt; ... > //Create a cookie, and then add the encrypted ticket to the ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Changing windows passwords remotely
    ... > //Create the ticket, and add the groups. ... > DateTime.Now, DateTime.Now.AddMinutes, isCookiePersistent, ... > String encryptedTicket = FormsAuthentication.Encrypt; ... > //Create a cookie, and then add the encrypted ticket to the ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Non persistent cookie timeout?
    ... > How do i get the cookie to time out after a period of inactivity, ... > If I close the browser, the next time I use the application, it makes ... > // Now encrypt the ticket. ... > string encryptedTicket = FormsAuthentication.Encrypt; ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Changing windows passwords remotely
    ... about how to proceed or a web resource that dicusses the subject. ... //Create the ticket, and add the groups. ... String encryptedTicket = FormsAuthentication.Encrypt; ... //Create a cookie, and then add the encrypted ticket to the ...
    (microsoft.public.dotnet.languages.csharp)