Cannot retrieve UserData in Forms Authentication

Discussion in 'ASP .Net Security' started by John Kievlan, Jul 24, 2003.

  1. John Kievlan

    John Kievlan Guest

    I am using FormsAuthentication for my application, and in
    the UserData property of the FormsAuthenticationTicket
    I'm storing the roles that the user is a member of, to
    retrieve in global.asax and create a GenericPrincipal
    object. Problem is, after the user logs in, I can get
    the ticket just fine from the cookie, and all the data is
    there -- except for the UserData property. It's empty.

    I set the UserData as follows:

    Dim authTicket As New FormsAuthenticationTicket(1,
    txtUserID.Text, DateTime.Now, DateTime.Now.AddHours(1),
    False, GetRoles(txtUserID.Text))
    Dim encryptedTicket As String =
    FormsAuthentication.Encrypt(authTicket)
    Dim authCookie As New HttpCookie
    (FormsAuthentication.FormsCookieName, encryptedTicket)
    Response.Cookies.Add(authCookie)

    Then I get the same cookie back in global.asax:

    Dim cookieName As String =
    FormsAuthentication.FormsCookieName
    Dim authCookie As HttpCookie = Context.Request.Cookies
    (cookieName)

    If authCookie Is Nothing Then Exit Sub

    Dim authTicket As FormsAuthenticationTicket =
    FormsAuthentication.Decrypt(authCookie.Value)

    If authTicket Is Nothing Then Exit Sub

    Dim roles() As String = Split
    (authTicket.UserData, "|") ' Roles are in the
    format "Role1|Role2|...|RoleN"

    Dim id As New FormsIdentity(authTicket)

    Dim principal As New GenericPrincipal(id, roles)

    Context.User = principal

    And the user isn't in the given roles. I went back and
    put:

    Response.Write("'" & authTicket.UserData & "'")

    in the global.asax file, and I get an empty string.
    Anyone have an idea?
    John Kievlan, Jul 24, 2003
    #1
    1. Advertising

  2. John Kievlan

    tom hamilton Guest

    Your code matches what I use. And I just re-ran my code,
    and am getting user data back from the cookie.

    I assume your setting the ticket in a login page. And
    have added the necessary web.config entries. I haven't
    tried my code against a browser that doesn't accept
    cookies.

    Sorry that the only assitance is to note that your code
    appears correct. I'm only guessing that the problem lies
    in configuration.

    >-----Original Message-----
    >I am using FormsAuthentication for my application, and in
    >the UserData property of the FormsAuthenticationTicket
    >I'm storing the roles that the user is a member of, to
    >retrieve in global.asax and create a GenericPrincipal
    >object. Problem is, after the user logs in, I can get
    >the ticket just fine from the cookie, and all the data is
    >there -- except for the UserData property. It's empty.
    >
    >I set the UserData as follows:
    >
    >Dim authTicket As New FormsAuthenticationTicket(1,
    >txtUserID.Text, DateTime.Now, DateTime.Now.AddHours(1),
    >False, GetRoles(txtUserID.Text))
    >Dim encryptedTicket As String =
    >FormsAuthentication.Encrypt(authTicket)
    >Dim authCookie As New HttpCookie
    >(FormsAuthentication.FormsCookieName, encryptedTicket)
    >Response.Cookies.Add(authCookie)
    >
    >Then I get the same cookie back in global.asax:
    >
    >Dim cookieName As String =
    >FormsAuthentication.FormsCookieName
    >Dim authCookie As HttpCookie = Context.Request.Cookies
    >(cookieName)
    >
    >If authCookie Is Nothing Then Exit Sub
    >
    >Dim authTicket As FormsAuthenticationTicket =
    >FormsAuthentication.Decrypt(authCookie.Value)
    >
    >If authTicket Is Nothing Then Exit Sub
    >
    >Dim roles() As String = Split
    >(authTicket.UserData, "|") ' Roles are in the
    >format "Role1|Role2|...|RoleN"
    >
    >Dim id As New FormsIdentity(authTicket)
    >
    >Dim principal As New GenericPrincipal(id, roles)
    >
    >Context.User = principal
    >
    >And the user isn't in the given roles. I went back and
    >put:
    >
    >Response.Write("'" & authTicket.UserData & "'")
    >
    >in the global.asax file, and I get an empty string.
    >Anyone have an idea?
    >.
    >
    tom hamilton, Jul 25, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. e
    Replies:
    1
    Views:
    3,559
    John Saunders
    Oct 24, 2003
  2. Brian Shannon

    Forms Authentication UserData

    Brian Shannon, Aug 16, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    520
  3. Sean Patterson

    Authentication Ticket not storing UserData

    Sean Patterson, Jan 25, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    613
    Sean Patterson
    Jan 25, 2005
  4. Peter Rilling
    Replies:
    1
    Views:
    803
    bruce barker \(sqlwork.com\)
    Aug 3, 2006
  5. =?Utf-8?B?SGFyZHkgV2FuZw==?=

    Forms Authentication with UserData Problem

    =?Utf-8?B?SGFyZHkgV2FuZw==?=, Feb 15, 2007, in forum: ASP .Net
    Replies:
    1
    Views:
    2,849
    =?Utf-8?B?TWlsb3N6IFNrYWxlY2tpIFtNQ0FEXQ==?=
    Feb 16, 2007
Loading...

Share This Page