Authentication Ticket not storing UserData

Discussion in 'ASP .Net' started by Sean Patterson, Jan 25, 2005.

  1. Hey all,

    I've followed the examples online on how to use Forms Authentication to
    create a ticket, assign it a role, and then intercept it in the
    Global.asax file to make sure it gets sucked in to the IPrincipal. This
    has worked on some other apps, but my code isn't working in my new one
    for some reason. Here's my CreateCredentials code:

    Private Sub CreateCredentials(ByVal UserID As String, ByVal UserRole As
    String)

    Dim CurrentContext As HttpContext
    Dim FormsCookie As String
    Dim AuthCookie As HttpCookie
    Dim Ticket As System.Web.Security.FormsAuthenticationTicket
    Dim AuthIdentity As System.Web.Security.FormsIdentity
    Dim MinutesUntilExpiration As Double

    CurrentContext = HttpContext.Current
    ' The session timeout limit is defined in the web.config file
    MinutesUntilExpiration =
    CType(ConfigurationSettings.AppSettings("WLTTimeOutMinutes"), Double)
    Ticket = New System.Web.Security.FormsAuthenticationTicket(1,
    UserID, DateTime.Now, _

    DateTime.Now.AddMinutes(MinutesUntilExpiration), _
    False,
    UserRole)

    ' Add ticket into user's cookie list and put the ticket into the
    user's HTTP Context
    FormsCookie = System.Web.Security.FormsAuthentication.Encrypt(Ticket)
    AuthCookie = New
    HttpCookie(System.Web.Security.FormsAuthentication.FormsCookieName,
    FormsCookie)
    CurrentContext.Response.Cookies.Add(AuthCookie)

    End Sub

    Similarly, in my global.asax I have the following

    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As
    EventArgs)
    ' Fires upon attempting to authenticate the user

    Dim id As System.Web.Security.FormsIdentity
    Dim ticket As System.Web.Security.FormsAuthenticationTicket

    ' Update authentication ticket greated during login to include
    the user's role in its credentials.
    If Not HttpContext.Current.User Is Nothing Then
    If HttpContext.Current.User.Identity.IsAuthenticated Then
    If TypeOf HttpContext.Current.User.Identity Is
    System.Web.Security.FormsIdentity Then
    id = CType(HttpContext.Current.User.Identity,
    System.Web.Security.FormsIdentity)
    ticket = id.Ticket
    Dim UserRole() As String = {""}
    UserRole(0) = ticket.UserData
    HttpContext.Current.User = New
    System.Security.Principal.GenericPrincipal(id, UserRole)
    End If
    End If
    End If

    End Sub

    For some reason, when I debug, I trace the script through the create
    credentials striaght into the application_authentication, but the
    UserData doesn't go with it. Here is my debug info:

    Login Form:
    ?Ticket
    {System.Web.Security.FormsAuthenticationTicket}
    CookiePath: "/"
    Expiration: #1/24/2005 4:12:16 PM#
    Expired: False
    IsPersistent: False
    IssueDate: #1/24/2005 3:52:16 PM#
    Name: "spatterson"
    UserData: "USER"
    Version: 1

    Global.asax
    {System.Web.Security.FormsAuthenticationTicket}
    CookiePath: "/"
    Expiration: #1/24/2005 4:22:32 PM#
    Expired: False
    IsPersistent: False
    IssueDate: #1/24/2005 3:52:32 PM#
    Name: "spatterson"
    UserData: ""
    Version: 1

    Any help to what I'm missing? I've even cleared out my cookies in IE to
    test things. Thanks in advance!
     
    Sean Patterson, Jan 25, 2005
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. e
    Replies:
    1
    Views:
    3,635
    John Saunders
    Oct 24, 2003
  2. Jamie  Pollard
    Replies:
    4
    Views:
    5,522
    Jamie Pollard
    Jul 15, 2005
  3. Peter Rilling
    Replies:
    1
    Views:
    864
    bruce barker \(sqlwork.com\)
    Aug 3, 2006
  4. Mythran
    Replies:
    2
    Views:
    420
    Mythran
    Mar 8, 2007
  5. Jamie  Pollard

    Storing Role And User Id in UserData of FormAuthentication

    Jamie Pollard, Jul 14, 2005, in forum: ASP .Net Security
    Replies:
    3
    Views:
    134
    Jamie Pollard
    Jul 15, 2005
Loading...

Share This Page