Best way to handle AuthenticateRequest?

Discussion in 'ASP .Net Security' started by rh, Feb 3, 2004.

  1. rh

    rh Guest

    I've been reading a lot of articles about how to handle roles based security in ASP.NET and I've seen two popular methods of handling AuthenticateRequest and I'm curious which is preferred. (I've omitted most error checking to simplify the code).

    Option 1 (from MSDN patterns & practices - extract cookie and decrypt):
    ---
    string cookieName = FormsAuthentication.FormsCookieName;
    HttpCookie authCookie = Context.Request.Cookies[cookieName];
    if (authCookie == null)
    return;
    FormsAuthenticationTicket authTicket = null;
    authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    string[] roles = authTicket.UserData.Split(new char[]{'|'});
    FormsIdentity id = new FormsIdentity( authTicket );
    GenericPrincipal principal = new GenericPrincipal(id, roles);
    Context.User = principal;
    ---

    Option 2 (various articles - cast identity, get forms ticket):
    ---
    FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
    FormsAuthenticationTicket ticket = id.Ticket;
    string userData = ticket.UserData;
    string[] roles = userData.Split(',');
    HttpContext.Current.User = new GenericPrincipal(id, roles);
    ---

    Option 2 makes me think the FormsAuthentication class is doing a lot of stuff behind the scenes but I haven't found the documentation on it (not that it doesn't exist). Is the FormsAuthentication class automatically picking up the cookie and decrypting it with each page request? And if this is the case, then why does the "official" MS method ignore this feature and do things manually?? Thanks for the input!
     
    rh, Feb 3, 2004
    #1
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ravikanth[MVP]
    Replies:
    6
    Views:
    4,127
    Aemca
    Jul 18, 2003
  2. Thomas Scheiderich

    Best way to handle documents in ASP.NET

    Thomas Scheiderich, May 20, 2004, in forum: ASP .Net
    Replies:
    11
    Views:
    2,646
    Jim Corey
    May 20, 2004
  3. Alan Silver
    Replies:
    4
    Views:
    495
    Alan Silver
    Feb 16, 2005
  4. =?Utf-8?B?RGF2ZQ==?=

    AuthenticateRequest event and Roles

    =?Utf-8?B?RGF2ZQ==?=, Dec 20, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    664
    Daniel TIZON
    Dec 20, 2005
  5. Sandor
    Replies:
    0
    Views:
    523
    Sandor
    Feb 6, 2009
  6. Leslie
    Replies:
    3
    Views:
    663
    Dominick Baier [DevelopMentor]
    May 26, 2005
  7. Jason
    Replies:
    0
    Views:
    188
    Jason
    Dec 8, 2005
  8. Tyler Carver
    Replies:
    3
    Views:
    1,157
    Dominick Baier [DevelopMentor]
    Mar 1, 2006
Loading...