Problem with FormsAuthentication

Discussion in 'ASP .Net' started by David, Sep 6, 2005.

  1. David

    David Guest

    Hi all,

    I am having a slight issue with FormsAuthentication.

    I need to authenticate a user and while the page is still being processed,
    need to work with that authenticated user. I have set up a test page as
    follows...

    private void Page_Load(object sender, System.EventArgs e)
    {
    // Put user code to initialize the page here
    Label1.Text = User.Identity.IsAuthenticated.ToString();
    }

    private void Button1_Click(object sender, System.EventArgs e)
    {
    FormsAuthentication.SetAuthCookie("David", false);
    Label2.Text = User.Identity.Name;
    Label3.Text = "Sign In Button Clicked";
    }

    private void Button2_Click(object sender, System.EventArgs e)
    {
    FormsAuthentication.SignOut();
    Label2.Text = User.Identity.Name;
    Label3.Text = "Sign Out Button Clicked";
    }

    When I click button1, I need label2.text to show "David", however, it does
    not do this until I refresh the page (I can even click the sign out button,
    then it will show "David" but only once.)

    If I click button2, I expect it to sign me out, but as demonstrated, it
    doesn't sign out straight away.

    How else can I do this, without setting up a boolean property? I have done
    some searching. The results suggest that when I SetAuthCookie or SignOut,
    then I am logged in (or out, as the case may be).

    Thanks.

    Best regards,
    Dave Colliver.
    http://www.AshfieldFOCUS.com
    ~~
    http://www.FOCUSPortals.com - Local franchises available
    David, Sep 6, 2005
    #1
    1. Advertising

  2. David

    jasonkester Guest

    David wrote:
    > private void Button1_Click(object sender, System.EventArgs e)
    > {
    > FormsAuthentication.SetAuthCookie("David", false);
    > Label2.Text = User.Identity.Name;
    > Label3.Text = "Sign In Button Clicked";
    > }



    Why not:

    private void Button1_Click(object sender, System.EventArgs e)
    {
    FormsAuthentication.SetAuthCookie("David", false);
    Label2.Text = "David";
    Label3.Text = "Sign In Button Clicked";
    }

    As in, you already have everything you need to know about the user when
    you authorize him. Why would you want to look anything back up?

    To answer your question though, take a look at the name of the method
    you're calling: SetAuthCookie(). You are setting a cookie, which will
    be sent along with the HTTPHeaders to the browser, and be returned to
    you at the next request from that browser. At that point you'll be
    able to read it. Before that, it's not part of the Cookies collection,
    and thus not parsed by the ASP.NET helper functions that drop its value
    back into User.Identity for you.

    Hope this helps.


    Jason Kester
    Expat Software Consulting Services
    http://www.expatsoftware.com/
    jasonkester, Sep 7, 2005
    #2
    1. Advertising

  3. David

    David Guest

    "jasonkester" <> wrote in message
    news:...
    >
    > David wrote:
    >> private void Button1_Click(object sender, System.EventArgs e)
    >> {
    >> FormsAuthentication.SetAuthCookie("David", false);
    >> Label2.Text = User.Identity.Name;
    >> Label3.Text = "Sign In Button Clicked";
    >> }

    >
    >
    > Why not:
    >
    > private void Button1_Click(object sender, System.EventArgs e)
    > {
    > FormsAuthentication.SetAuthCookie("David", false);
    > Label2.Text = "David";
    > Label3.Text = "Sign In Button Clicked";
    > }
    >
    > As in, you already have everything you need to know about the user when
    > you authorize him. Why would you want to look anything back up?
    >
    > To answer your question though, take a look at the name of the method
    > you're calling: SetAuthCookie(). You are setting a cookie, which will
    > be sent along with the HTTPHeaders to the browser, and be returned to
    > you at the next request from that browser. At that point you'll be
    > able to read it. Before that, it's not part of the Cookies collection,
    > and thus not parsed by the ASP.NET helper functions that drop its value
    > back into User.Identity for you.
    >
    > Hope this helps.
    >
    >
    > Jason Kester
    > Expat Software Consulting Services
    > http://www.expatsoftware.com/


    Hi,

    The example I posted was just a test to demonstrate what happens.

    I know that SetAuthCookie sends a cookie down to the browser so that other
    pages can read it later. What I was thinking was that it might also set a
    flag somewhere in .NET whilst the page is running, showing me that the user
    is Authenticated. Something like setting the Context properties, such as
    User.Identity.IsAuthenticated = true and User.Identity.Name = "David".
    Obviously not, so, I need to check the page later to see if the user is
    Authenticated whilst the page is still running. How can I do this?

    As an added information... the FormsAuthentication is done in a user
    control. In the parent page, I am also checking if the
    User.Identity.IsAuthenticated is set. As the two Identity values are only
    gets, I need an alternative way to set them other than a round trip from the
    browser.

    Best regards,
    Dave Colliver.
    http://www.AshfieldFOCUS.com
    ~~
    http://www.FOCUSPortals.com - Local franchises available
    David, Sep 7, 2005
    #3
  4. David

    jasonkester Guest

    You could set a member variable on the user control when you
    authenticate user. Throw in a public accessor to that variable and the
    containing page will be able to read it.

    Again, you'll have all the information you need at the time you call
    SetAuthCookie. I agree it's sort of lame that you can't simply read
    this information back out of User.Identity, but it's really not that
    much extra work to stash it somewhere accessable for the remainder of
    the page load.

    My only idea as to why they designed it this way comes from looking at
    their example code. In every case, the call immediately after
    SetAuthCookie is RedirectFromLogin.

    Good luck!

    Jason Kester
    Expat Software Consulting Services
    http://www.expatsoftware.com/
    jasonkester, Sep 8, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Xavier MT

    Problem with FormsAuthentication

    Xavier MT, Oct 23, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    435
    John Saunders
    Oct 24, 2003
  2. Jeff B
    Replies:
    4
    Views:
    429
    Matt Berther
    Jan 11, 2005
  3. BoltonWolf
    Replies:
    5
    Views:
    5,968
    =?Utf-8?B?RXJpYyBXaWxzb24=?=
    Jan 5, 2006
  4. Niels Schoot
    Replies:
    0
    Views:
    421
    Niels Schoot
    Mar 14, 2005
  5. Nitin
    Replies:
    2
    Views:
    679
    Nitin
    Mar 31, 2005
Loading...

Share This Page