FormsAuthentication Encrypt/Decrypt Problem/Issue

Discussion in 'ASP .Net Security' started by Sherwood, Jan 22, 2005.

  1. Sherwood (Guest)

    I'm using the C# sample from MSDN on how to authenticate against Active
    Directory. What I notice is that I get the list of groups placed in the
    ticket, and it gets encrypted just great (I'm watching this in the debugger).
    Then when I step through the code and get to the decryption function, it
    decrypts the ticket, but my user groups are gone, they are just "", which
    causes my "isinrole" checks to fail.

    I'm baffled by this.

    Code snippets from the sample below; "Domain" is a valid appconfig key.

    // code snippet from login.aspx.cs
    // Retrieve the user's groups
    string groups = adAuth.GetGroups(Domain,
                                     UserName.Value,
                                     UserPass.Value);
    // Create the authentication ticket
    FormsAuthenticationTicket authTicket =
        new FormsAuthenticationTicket(1,                          // version
                                      UserName.Value,
                                      DateTime.Now,
                                      DateTime.Now.AddMinutes(60),
                                      false, groups);
    // Now encrypt the ticket.
    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
    // Create a cookie and add the encrypted ticket to the
    // cookie as data.
    HttpCookie authCookie =
        new HttpCookie(FormsAuthentication.FormsCookieName,
                       encryptedTicket);
    // Add the cookie to the outgoing cookies collection.
    Response.Cookies.Add(authCookie);

    // Print out the authTicket.UserData to make sure I actually have the groups
    Msg.Text = "Authentication succeeded" + "<br>" + "Groups: " +
               authTicket.UserData;

    // The above line is validated by stepping through the debugger, the groups
    // appear, although not all of them - Domain Users doesn't appear, I'm not
    // sure why that is; maybe that is a code problem

    // Redirect the user to the originally requested page
    FormsAuthentication.RedirectFromLoginPage(UserName.Value, false);

    Now as I'm stepping through the code I hit global.asax.cs where I set
    breakpoints.

    // code snippet from global.asax.cs
    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        // Extract the forms authentication cookie
        string cookieName = FormsAuthentication.FormsCookieName;
        HttpCookie authCookie = Context.Request.Cookies[cookieName];
        if (null == authCookie)
        {
            // There is no authentication cookie.
            return;
        }
        FormsAuthenticationTicket authTicket = null;
        try
        {
            authTicket = FormsAuthentication.Decrypt(authCookie.Value);
        }
        catch
        {
            return;
        }
        // ... remainder of the handler not shown in the post
    }

    When I hit the above try and look at authTicket in the debugger, the
    user values are "" instead of containing my groups. This is why my "isinrole"
    check fails.

    So I guess I have two questions:
    1) Why do I not pick up all user groups? I pick up the one I created but not
    the built-in Domain Users group; is that by design?
    2) Why would a decrypt be successful, but be missing UserData from the
    cookie? All the other data in the ticket looks great.

    If anyone can help me resolve this, I'd be grateful.

    Sherwood
    Sherwood, Jan 22, 2005
    #1
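Added example (not code from the post or from the MSDN sample it quotes): the login and AuthenticateRequest handlers written so the group list survives the round trip, redirecting via GetRedirectUrl because RedirectFromLoginPage issues its own authentication cookie with empty UserData and replaces the one written just before it. It assumes adAuth.GetGroups returns a '|'-separated list (the separator is an assumption; match whatever GetGroups emits) and a System.Web application on .NET Framework 2.0 or later.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// ---- login.aspx.cs: build, encrypt and store the ticket ----
private void Login_Click(object sender, EventArgs e)
{
    // Assumed: groups come back as "Group1|Group2|..." (separator is an assumption)
    string groups = adAuth.GetGroups(Domain, UserName.Value, UserPass.Value);

    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
        1, UserName.Value, DateTime.Now, DateTime.Now.AddMinutes(60),
        false, groups);                       // groups travel in UserData

    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                           FormsAuthentication.Encrypt(authTicket));
    authCookie.HttpOnly = true;               // keep the ticket out of reach of script
    authCookie.Secure = Request.IsSecureConnection;
    Response.Cookies.Add(authCookie);

    // Not RedirectFromLoginPage: it calls SetAuthCookie and writes a second
    // ticket with empty UserData over the one just added. Redirect manually.
    Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName.Value, false));
}

// ---- global.asax.cs: turn UserData back into roles ----
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
    HttpCookie authCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie == null) return;           // anonymous request

    FormsAuthenticationTicket authTicket;
    try
    {
        authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch (Exception)
    {
        return;                               // tampered or foreign cookie: stay anonymous
    }
    if (authTicket == null || authTicket.Expired) return;

    string[] roles = authTicket.UserData.Split(
        new[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
    FormsIdentity identity = new FormsIdentity(authTicket);
    Context.User = new GenericPrincipal(identity, roles);  // User.IsInRole now works
}
```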
