Re: strange Formsauthentication behavior



it runs several times because of the redirects that are done during authentication

use a tool like www.fiddlertool.com to visualize the HTTP traffic

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

hi all,

in FormsAuthentication, the global.asax Application_AuthenticateRequest() event should run once before the page HttpHandler runs, correct? because the global.asax inherits the HttpModule class, but I am seeing some odd behavior when using FormsAuthentication in 2.0. on the same level as the login.aspx page, I have a folder called Admin with some aspx pages inside. the pages that are on the same level as the login page seem to work fine - the Application_AuthenticateRequest() runs once before the page_load, but when accessing the page inside of the Admin folder, the Application_AuthenticateRequest() is fired twice after the page_load event. am I missing something here?

Kevin

here's the code for login:

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        if (IsAuthenticated(this.txtUserName.Text.Trim(),
                            this.txtPassword.Text.Trim()))
        {
            // Create the authentication ticket
            FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
                1,                            // version
                this.txtUserName.Text.Trim(), // user name
                DateTime.Now,                 // creation
                DateTime.Now.AddMinutes(60),  // expiration
                false,                        // persistent
                string.Empty);                // user data

            // Now encrypt the ticket.
            string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

            // Create a cookie and add the encrypted ticket to the
            // cookie as data.
            HttpCookie authCookie = new HttpCookie(
                FormsAuthentication.FormsCookieName, encryptedTicket);

            // Add the cookie to the outgoing cookies collection.
            Response.Cookies.Add(authCookie);

            // Redirect the user to the originally requested page
            FormsAuthentication.RedirectFromLoginPage(this.txtUserName.Text, false);
        }
        else
        {
            this.lblMsg.Text = "Login failed.";
        }
    }

and the code in the

    void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        // Extract the forms authentication cookie
        string cookieName = FormsAuthentication.FormsCookieName;
        HttpCookie authCookie = Context.Request.Cookies[cookieName];
        if (null == authCookie)
        {
            // There is no authentication cookie.
            return;
        }

        // User is still null at this point when the cookie did not
        // yield a valid (unexpired) ticket, so guard before using it.
        if (HttpContext.Current.User == null)
        {
            return;
        }

        string userName = HttpContext.Current.User.Identity.Name;
        if (userName != null && userName != string.Empty)
        {
            // custom user object that implements the IPrincipal interface
            UserContext user = UserData.GetUserByUserName(userName);
            HttpContext.Current.User = user;
        }
    }
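
To tie each firing of the event to the HTTP request that caused it, the Global.asax handlers below write one line per request, including the redirect that leads to the next one. This is an added example, not code from the thread; the `RequestIdKey` name is hypothetical, and the use of `System.Diagnostics.Trace` assumes the TRACE symbol is defined for the build.

```csharp
// Added diagnostic example (not from the original thread).
using System;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Hypothetical key used to tag every request with its own short id.
    private const string RequestIdKey = "diag.requestId";

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        // One id per HTTP request, so repeated firings can be told apart.
        Context.Items[RequestIdKey] = Guid.NewGuid().ToString("N").Substring(0, 8);
    }

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // Log only whether the cookie is present, never its value.
        bool hasCookie = Request.Cookies[FormsAuthentication.FormsCookieName] != null;
        bool authenticated = Context.User != null
                             && Context.User.Identity.IsAuthenticated;

        System.Diagnostics.Trace.WriteLine(string.Format(
            "[{0}] AuthenticateRequest {1} {2} cookie={3} authenticated={4}",
            Context.Items[RequestIdKey], Request.HttpMethod, Request.RawUrl,
            hasCookie, authenticated));
    }

    protected void Application_EndRequest(object sender, EventArgs e)
    {
        // A redirect status with a Location value means the browser will
        // issue a follow-up request, which fires AuthenticateRequest again.
        System.Diagnostics.Trace.WriteLine(string.Format(
            "[{0}] EndRequest status={1} location={2}",
            Context.Items[RequestIdKey], Response.StatusCode,
            Response.RedirectLocation ?? "-"));
    }
}
```

Lines that share an id belong to the same request; a new id after a redirect line is the follow-up request the browser made.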


