Dean R. Henderson
I set up FormsAuthentication on a couple of websites where it has been working
as expected for a long time. I used this code to set up the same type of
authentication on a new website I am working on and the Cookie Name is not
getting set up the same way.
In my Web.config file, I use the following basic settings on both the old
and new websites:
    <authentication mode="Forms">
        <forms name="SiteAuth" loginUrl="Logon.aspx" protection="All" path="/"></forms>
    </authentication>
Both old and new websites have a Logon.aspx form with a btnLOGON button to
process the Logon request and perform the steps to send an authentication
cookie to the user's browser:
    Private Sub btnLOGON_Clicked(ByVal sender As Object, ByVal e As EventArgs) Handles btnLOGON.Clicked
        ' Do checks to validate Email and Password before reaching this point...
        Dim roles As String = GetRoles(txtEmail.Text)
        Dim authticket As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, txtEmail.Text, DateTime.Now, DateTime.Now.AddDays(30), cbRemember.Checked, roles)
        Dim encryptedticket As String = FormsAuthentication.Encrypt(authticket)
        Dim authcookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, encryptedticket)
        Response.Cookies.Add(authcookie)
        FormsAuthentication.RedirectFromLoginPage(FormsAuthentication.FormsCookieName, cbRemember.Checked)
    End Sub
Both old and new websites have Global.asax.vb AuthenticateRequest logic to
get the authentication cookie from the user so the HttpContext.Current.User
information can be used in one of my website pages to determine who an
authenticated user is and to set up information specific to that user.
    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        Dim cookieName As String = FormsAuthentication.FormsCookieName
        Dim authCookie As HttpCookie = Context.Request.Cookies(cookieName)
        If authCookie Is Nothing Then Return
        Dim authTicket As FormsAuthenticationTicket = Nothing
        authTicket = FormsAuthentication.Decrypt(authCookie.Value)
        If authTicket Is Nothing Then Return
        Dim roles As String() = authTicket.UserData.Split("|".ToCharArray)
        Dim id As FormsIdentity = New FormsIdentity(authTicket)
        Dim principal As GenericPrincipal = New GenericPrincipal(id, roles)
        Context.User = principal
    End Sub
On the old websites, the value contained in UserPrincipal.Identity.Name is
the value specified in 'txtEmail.Text' as noted in the Logon page above.
But on the new website, the value is 'SiteAuth' (as specified in my
Web.config file for the forms name value), so I am not able to set up
information for the specific user that was previously authenticated.
    Private Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles MyBase.Load
        UserPrincipal = HttpContext.Current.User
        If UserPrincipal.Identity.Name = "" Then
            ' Setup for condition where no user information is available
        Else
            ' Use the value from UserPrincipal.Identity.Name to setup user information
        End If
    End Sub
I have looked through the various entries in my Web.config on both the old and
new websites to see if there is something causing the new website to replace
the email value with the 'forms name' value of 'SiteAuth' ... Anyone have
any ideas why the old and new websites are acting differently?
Thanks, Dean
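
Added example, not part of the original post: in the Logon handler as posted, RedirectFromLoginPage receives FormsAuthentication.FormsCookieName as its user-name argument, and that method issues its own ticket for whatever name it is given, so the hand-built cookie is replaced by one whose name is 'SiteAuth' and whose UserData carries no roles. The version below keeps the custom ticket and only computes the return URL; the class name Logon and the cookie attribute settings are assumptions, while txtEmail, cbRemember, btnLOGON and GetRoles are the post's own names.

```vbnet
Imports System
Imports System.Web
Imports System.Web.Security

' Code-behind for Logon.aspx (class name assumed from the page name).
Partial Public Class Logon
    Inherits System.Web.UI.Page

    Private Sub btnLOGON_Clicked(ByVal sender As Object, ByVal e As EventArgs) Handles btnLOGON.Clicked
        ' Email and password have already been validated before this point.
        Dim userName As String = txtEmail.Text
        Dim persistent As Boolean = cbRemember.Checked
        Dim roles As String = GetRoles(userName)   ' pipe-separated, as Global.asax.vb expects

        ' The ticket name is the authenticated user, never the cookie name.
        Dim ticket As New FormsAuthenticationTicket( _
            1, userName, DateTime.Now, DateTime.Now.AddDays(30), _
            persistent, roles, FormsAuthentication.FormsCookiePath)

        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, _
                                     FormsAuthentication.Encrypt(ticket))
        cookie.Path = FormsAuthentication.FormsCookiePath
        cookie.HttpOnly = True                          ' keep the ticket away from page script
        cookie.Secure = FormsAuthentication.RequireSSL  ' follow the requireSSL setting in Web.config
        If persistent Then
            cookie.Expires = ticket.Expiration          ' otherwise it stays a session cookie
        End If
        Response.Cookies.Add(cookie)

        ' GetRedirectUrl only resolves the ReturnUrl; unlike RedirectFromLoginPage
        ' it does not write a second authentication cookie over the one added above.
        Response.Redirect(FormsAuthentication.GetRedirectUrl(userName, persistent))
    End Sub
End Class
```

With this handler, Application_AuthenticateRequest decrypts a ticket whose Name is the e-mail address and whose UserData holds the role list, so both Identity.Name and role checks reflect the user who actually logged on.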