Forms Authentication with UserData Problem

Discussion in 'ASP .Net' started by =?Utf-8?B?SGFyZHkgV2FuZw==?=, Feb 15, 2007.

  1. Hi all,
    I am running ASP.NET 2.0, after login I need to pass CustomerID in my
    database instead of username to other pages. I added following code to my
    login.aspx

    protected void Login_Authenticate(object sender, AuthenticateEventArgs e) {
    //FormsAuthentication.SignOut();
    if (Membership.ValidateUser(Login.UserName, Login.Password)) {
    int customerID = GetCustomerIDByUsername(Login.UserName);
    if (customerID > 0) {
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
    Login.UserName,
    DateTime.Now,
    DateTime.Now.AddMinutes(60),
    Login.RememberMeSet,
    customerID.ToString(),
    FormsAuthentication.FormsCookiePath);

    // Encrypt the ticket.
    string encTicket = FormsAuthentication.Encrypt(ticket);

    // Create the cookie.
    Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
    encTicket));

    e.Authenticated = true;
    } else {
    e.Authenticated = false;
    }
    } else {
    e.Authenticated = false;
    }
    }

    Then I have another page to read this cookie, FormsIdentity identity =
    Context.User.Identity as FormsIdentity; I set a break point at this line, and
    find out the cookie version is "2" instead of "1" I set in login.aspx. And I
    cannot read my userData from cookie, it turns to be blank.

    Anybody has idea what is wrong?

    Thanks!
    --
    Regards
    Hardy
     
    =?Utf-8?B?SGFyZHkgV2FuZw==?=, Feb 15, 2007
    #1
    1. Advertising

  2. Hi there,

    Login control does the same thing internally (passing String.Empty as user
    defined data), please look at the exact code which is executed internally:

    private void AttemptLogin()
    {
    if ((this.Page == null) || this.Page.IsValid)
    {
    LoginCancelEventArgs args1 = new LoginCancelEventArgs();
    this.OnLoggingIn(args1);
    if (!args1.Cancel)
    {
    AuthenticateEventArgs args2 = new AuthenticateEventArgs();
    this.OnAuthenticate(args2);
    if (args2.Authenticated)
    {
    FormsAuthentication.SetAuthCookie(
    this.UserNameInternal, this.RememberMeSet);
    this.OnLoggedIn(EventArgs.Empty);
    this.Page.Response.Redirect(
    this.GetRedirectUrl(), false);
    }
    else
    {
    //...
    }
    }
    }
    }

    Because you're not redirecting after setting authentication cookie, login
    control creates another cookie, that overwrites created one (version 2).
    Provided code does the same thing so in theory you could redirect to request
    page after cookie with custom data has been set:

    // amended code you provided
    // Create the cookie.
    Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
    encTicket));
    Response.Redirect(this.GetRedirectUrl(), true);

    Beware current thread will be aborted, so you won't receive any events
    (Login1_LoggedIn, page unload). Otherwise, it is not possible to attach user
    data to form authentication cookie (of course when using login control)
    without unpacking the ticket in Login.LoggedIn event handler, appending the
    custom data and reissuing authentication cookie.

    Hope this helps
    --
    Milosz


    "Hardy Wang" wrote:

    > Hi all,
    > I am running ASP.NET 2.0, after login I need to pass CustomerID in my
    > database instead of username to other pages. I added following code to my
    > login.aspx
    >
    > protected void Login_Authenticate(object sender, AuthenticateEventArgs e) {
    > //FormsAuthentication.SignOut();
    > if (Membership.ValidateUser(Login.UserName, Login.Password)) {
    > int customerID = GetCustomerIDByUsername(Login.UserName);
    > if (customerID > 0) {
    > FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
    > Login.UserName,
    > DateTime.Now,
    > DateTime.Now.AddMinutes(60),
    > Login.RememberMeSet,
    > customerID.ToString(),
    > FormsAuthentication.FormsCookiePath);
    >
    > // Encrypt the ticket.
    > string encTicket = FormsAuthentication.Encrypt(ticket);
    >
    > // Create the cookie.
    > Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
    > encTicket));
    >
    > e.Authenticated = true;
    > } else {
    > e.Authenticated = false;
    > }
    > } else {
    > e.Authenticated = false;
    > }
    > }
    >
    > Then I have another page to read this cookie, FormsIdentity identity =
    > Context.User.Identity as FormsIdentity; I set a break point at this line, and
    > find out the cookie version is "2" instead of "1" I set in login.aspx. And I
    > cannot read my userData from cookie, it turns to be blank.
    >
    > Anybody has idea what is wrong?
    >
    > Thanks!
    > --
    > Regards
    > Hardy
     
    =?Utf-8?B?TWlsb3N6IFNrYWxlY2tpIFtNQ0FEXQ==?=, Feb 16, 2007
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. e
    Replies:
    1
    Views:
    3,582
    John Saunders
    Oct 24, 2003
  2. Brian Shannon

    Forms Authentication UserData

    Brian Shannon, Aug 16, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    533
  3. Sean Patterson

    Authentication Ticket not storing UserData

    Sean Patterson, Jan 25, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    629
    Sean Patterson
    Jan 25, 2005
  4. Peter Rilling
    Replies:
    1
    Views:
    824
    bruce barker \(sqlwork.com\)
    Aug 3, 2006
  5. John Kievlan

    Cannot retrieve UserData in Forms Authentication

    John Kievlan, Jul 24, 2003, in forum: ASP .Net Security
    Replies:
    1
    Views:
    352
    tom hamilton
    Jul 25, 2003
Loading...

Share This Page