forms authentication ticket .userdata vanishing

Discussion in 'ASP .Net' started by e, Oct 23, 2003.

  1. e

    e Guest

    I'm using forms authentication on a site. When the user logs in via the
    login page, the entered creds are checked against AD, and if valid, an
    encrypted forms authentication ticket is produced and stored in the forms
    auth cookie (and written to the client), using this code:
    ____________________

    'create the forms auth ticket

    objAuthTicket = New FormsAuthenticationTicket(1, txtUsername.Text, _
    DateTime.Now, DateTime.Now.AddMinutes(8), False, _
    "Data string I want to keep in the Ticket .UserData property")

    'encrypt it

    strEncryptedTicket = FormsAuthentication.Encrypt(objAuthTicket)

    'stick it in the forms auth cookie

    objAuthCookie = New HttpCookie(FormsAuthentication.FormsCookieName, _
    strEncryptedTicket)

    'place the cookie on the client

    Response.Cookies.Add(objAuthCookie)
    ____________________

    If I immediately retreive the cookie using this code:
    ____________________

    'pick up the cookie from the client

    objAuthCookie = Request.Cookies(FormsAuthentication.FormsCookieName)

    'decrypt/extract the ticket object from the cookie

    objAuthTicket = FormsAuthentication.Decrypt(objAuthCookie.Value)
    ____________________

    ....and examine the objAuthTicket.UserData, it contains the expected result:

    "Data string I want to keep in the Ticket .UserData property"

    However in Global.asax, in the Application_AuthenticateRequest event (which
    is whre I need to read this ticket data for impersonation & security
    purposes), I retreive the cookie (if it exists), decrypt the cookie.Value
    into a ticket object using the exact same code as before:
    ____________________

    'pick up the cookie

    objAuthCookie = Request.Cookies(FormsAuthentication.FormsCookieName)

    'decrypt/extract the ticket object from the cookie

    objAuthTicket = FormsAuthentication.Decrypt(objAuthCookie.Value)
    ____________________

    ....and examine the objAuthTicket.Userdata, it now contains an unexpected
    result:

    ""

    Nothing. The issue date, expiration date, name, isPersistant, all other
    aspects of the ticket have correct values, but the userData is now
    nullstring. Does anyone have any ideas as to why that is? The login button
    click handler and the Application_AuthenticateRequest event are the only 2
    places I'm ever touching the cookie in the entire app.
    e, Oct 23, 2003
    #1
    1. Advertising

  2. "e" <> wrote in message news:...
    > I'm using forms authentication on a site. When the user logs in via the
    > login page, the entered creds are checked against AD, and if valid, an
    > encrypted forms authentication ticket is produced and stored in the forms
    > auth cookie (and written to the client), using this code:
    > ____________________
    >
    > 'create the forms auth ticket
    >
    > objAuthTicket = New FormsAuthenticationTicket(1, txtUsername.Text, _
    > DateTime.Now, DateTime.Now.AddMinutes(8), False, _
    > "Data string I want to keep in the Ticket .UserData property")
    >
    > 'encrypt it
    >
    > strEncryptedTicket = FormsAuthentication.Encrypt(objAuthTicket)
    >
    > 'stick it in the forms auth cookie
    >
    > objAuthCookie = New HttpCookie(FormsAuthentication.FormsCookieName, _
    > strEncryptedTicket)
    >
    > 'place the cookie on the client
    >
    > Response.Cookies.Add(objAuthCookie)
    > ____________________
    >
    > If I immediately retreive the cookie using this code:
    > ____________________
    >
    > 'pick up the cookie from the client
    >
    > objAuthCookie = Request.Cookies(FormsAuthentication.FormsCookieName)
    >
    > 'decrypt/extract the ticket object from the cookie
    >
    > objAuthTicket = FormsAuthentication.Decrypt(objAuthCookie.Value)
    > ____________________
    >
    > ...and examine the objAuthTicket.UserData, it contains the expected

    result:
    >
    > "Data string I want to keep in the Ticket .UserData property"
    >
    > However in Global.asax, in the Application_AuthenticateRequest event

    (which
    > is whre I need to read this ticket data for impersonation & security
    > purposes), I retreive the cookie (if it exists), decrypt the cookie.Value
    > into a ticket object using the exact same code as before:
    > ____________________
    >
    > 'pick up the cookie
    >
    > objAuthCookie = Request.Cookies(FormsAuthentication.FormsCookieName)
    >
    > 'decrypt/extract the ticket object from the cookie
    >
    > objAuthTicket = FormsAuthentication.Decrypt(objAuthCookie.Value)
    > ____________________
    >
    > ...and examine the objAuthTicket.Userdata, it now contains an unexpected
    > result:
    >
    > ""
    >
    > Nothing. The issue date, expiration date, name, isPersistant, all other
    > aspects of the ticket have correct values, but the userData is now
    > nullstring. Does anyone have any ideas as to why that is? The login

    button
    > click handler and the Application_AuthenticateRequest event are the only 2
    > places I'm ever touching the cookie in the entire app.
    >



    I don't know why your code doesn't work, but in my code, I use the
    FormsAuthenticationTicket directly:

    if (!Request.IsAuthenticated) return;

    FormsIdentity fi = (FormsIdentity) User.Identity;
    FormsAuthenticationTicket ticket = fi.Ticket;
    // You can now use ticket.UserData
    --
    John
    John Saunders, Oct 24, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Brian Shannon

    Forms Authentication UserData

    Brian Shannon, Aug 16, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    526
  2. Sean Patterson

    Authentication Ticket not storing UserData

    Sean Patterson, Jan 25, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    626
    Sean Patterson
    Jan 25, 2005
  3. Peter Rilling
    Replies:
    1
    Views:
    817
    bruce barker \(sqlwork.com\)
    Aug 3, 2006
  4. Lauchlan M
    Replies:
    0
    Views:
    224
    Lauchlan M
    Oct 1, 2003
  5. jfer
    Replies:
    3
    Views:
    552
    Dominick Baier [DevelopMentor]
    Sep 16, 2005
Loading...

Share This Page