RE: Reconnect to a session and authenticate.

Hi Jerry,

As for restorting FormsAuthentication state, I think it's much easier than
session since the FormsAuthentication.SetAuthCookie method I mentioned
earlier can help regenerate the authenticate cookie. Therefore, I think
what you need to do is just store the username in a custom cookie item. And
later when you need to regenerate the authenticate state, just read the
username from that cookie item and call the
FormsAuthentication.SetAuthCookie, how do you think?

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
From: =?Utf-8?B?SmVycnkgQw==?= <jerryed@xxxxxxxxxxxxx>
References: <6A0F7399-8AD4-47C7-ABB5-BA02BE97BFD3@xxxxxxxxxxxxx>
<TTJd7#bfIHA.1500@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Reconnect to a session and authenticate.
Date: Wed, 5 Mar 2008 07:43:03 -0800


Steven,

The solution I posted did not work in all cases. I used the custom session
Id manager in the link.

Now the question is how do I restore the authentication without sending
the
user name in the Qstring. I do store the forms auth cookie in the query
string. How do I use it the authenticate.

Thank you
--
Jerry


""Steven Cheng"" wrote:

Hi Jerry,

From your description, I understand you want to programmatically restore
a
certain session connection or forms authentication connection in your
code
(by supplying the sessionID or authentication info) , correct?

Based on my understanding, for forms authentication, it is quite easy to
regenerate the authentication state, you can simply call the following
method to make the current user be authenticated again(supply the
username):

FormsAuthentication.SetAuthCookie(username, true);

However, for session state, it is always done(validate client cookie) by
the built-in session state module. If you put the session state
info(such
as ID) in querystring, runtime will not know it. You can try manually
add
the cookie (that contain the sessionID you previously stored) into
ASP.NET
response.

If this not work, you may have a look at creating a custom
SessionIDManager, that can help you add your own code logic to read and
generate sessionID:

#Overcoming IE Bug with a Custom SessionIDManager
http://blogs.microsoft.co.il/blogs/dorony/

#SessionIDManager Class

http://msdn2.microsoft.com/en-us/library/system.web.sessionstate.sessionidma
nager(VS.80).aspx

#ASP.NET 2.0 Training : Customizing the Session State Mechanism

http://www.exforsys.com/tutorials/asp.net-2.0/asp.net-2.0-customizing-the-se
ssion-state-mechanism.html

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to

http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent
issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each
follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach
the
most efficient resolution. The offering is not appropriate for
situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are
best
handled working with a dedicated Microsoft Support Engineer by
contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no
rights.

--------------------
From: =?Utf-8?B?SmVycnkgQw==?= <jerryed@xxxxxxxxxxxxx>
Subject: Reconnect to a session and authenticate.
Date: Mon, 3 Mar 2008 14:43:01 -0800



I have an asp.net application using forms authentication. On one of my
pages
I use a control that does not return the cookies in firefox. (the
creator
of
the control will remain nameless) I can include the session cookie
"ASP.NET_SessionId" and the cookie ââ?¬Å?CDââ??placed by the forms
authentication in
the querystring. The Question is how do I reconnect to the session and
reauthenticate when this page posts back so my session vars are there.

--
Jerry





.

Relevant Pages

  • Runtime error when customErrors are Off
    ... "On" Always display custom messages. ... This section sets the authentication policies of the application. ... Application-level tracing enables trace log output for every page ... <!-- SESSION STATE SETTINGS ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: authentication cookie vs session cookie
    ... level of using authentication cookies on the client machines. ... authentication cookie on a manager's machine is stolen and used on a client ... > session variables as it relies on the session cookie that ASP.NET sends to ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: authentication cookie vs session cookie
    ... doing 'cookie' authentication (effectively what you are doing when you use ... session variables as it relies on the session cookie that ASP.NET sends to ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Framework bug with Auth and Session state?
    ... So as long the browser stays open, ... cookie remains, ... the authentication never times out. ... Session info is stored on the server, using the session cookie only as an ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Authentication question
    ... I also found the settings and chose to set a sliding timeout for the ... complained about having to login when I knew their session had not expired. ... > The session timeout and forms authentication cookie timeout are ... > authentication cookie but all of the inproc session state is gone. ...
    (microsoft.public.dotnet.framework.aspnet)
Quantcast