Forms Authentication and requireSSL, what's the recommended best practice

M

mikemad

I have an ASP.NET 1.1 Web app and am now implementing SSL. It used
forms authentication. Everything works fine but I get unexpected(by me)
behavior when I set the requireSSL in the config file.

My scenario is, I want to login securely in a secure directory and then
redirect to the home page of the site. Pretty standard. If they are
logged in, then display a header bar with a few menu items such as
"Profile", etc. I am checking the Request.IsAuthenticated and if it is
true, I show the header bar. Well, IsAuthenticated is false when I'm
not under the SSL directory so it doesn't display my header bar. What's
the recommended way of doing this kind of common operation. I could
just set a Session variable when I login and display the menu if that
session variable is set. Is there a better way??
Thanks,

Mike Maddox
Creative Journey Consulting
 
M

mikemad

Anyone have any ideas? Since the Auth cookie is only passed when I'm
under SSL, what about the Session cookie. If I set a value in SESSION
to signify that I logged in, wouldn't that work? Am Imissing something??
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,743
Messages
2,569,478
Members
44,899
Latest member
RodneyMcAu

Latest Threads

Top