Best way to handle AuthenticateRequest?

Discussion in 'ASP .Net Security' started by rh, Feb 3, 2004.

  1. rh

    rh Guest

    I've been reading a lot of articles about how to handle roles based security in ASP.NET and I've seen two popular methods of handling AuthenticateRequest and I'm curious which is preferred. (I've omitted most error checking to simplify the code).

    Option 1 (from MSDN patterns & practices - extract cookie and decrypt):
    ---
    string cookieName = FormsAuthentication.FormsCookieName;
    HttpCookie authCookie = Context.Request.Cookies[cookieName];
    if (authCookie == null)
    return;
    FormsAuthenticationTicket authTicket = null;
    authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    string[] roles = authTicket.UserData.Split(new char[]{'|'});
    FormsIdentity id = new FormsIdentity( authTicket );
    GenericPrincipal principal = new GenericPrincipal(id, roles);
    Context.User = principal;
    ---

    Option 2 (various articles - cast identity, get forms ticket):
    ---
    FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
    FormsAuthenticationTicket ticket = id.Ticket;
    string userData = ticket.UserData;
    string[] roles = userData.Split(',');
    HttpContext.Current.User = new GenericPrincipal(id, roles);
    ---

    Option 2 makes me think the FormsAuthentication class is doing a lot of stuff behind the scenes but I haven't found the documentation on it (not that it doesn't exist). Is the FormsAuthentication class automatically picking up the cookie and decrypting it with each page request? And if this is the case, then why does the "official" MS method ignore this feature and do things manually?? Thanks for the input!
    rh, Feb 3, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. tma
    Replies:
    0
    Views:
    1,009
  2. Karl
    Replies:
    0
    Views:
    504
  3. Scott Allen
    Replies:
    0
    Views:
    368
    Scott Allen
    Aug 12, 2004
  4. =?Utf-8?B?RGF2ZQ==?=

    AuthenticateRequest event and Roles

    =?Utf-8?B?RGF2ZQ==?=, Dec 20, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    588
    Daniel TIZON
    Dec 20, 2005
  5. Sandor
    Replies:
    0
    Views:
    410
    Sandor
    Feb 6, 2009
Loading...

Share This Page