Roles and Forms Authentication problems

Discussion in 'ASP .Net Security' started by wrecker, Aug 24, 2005.

  1. wrecker

    wrecker Guest

    Hello all,

    I have been struggling with getting role-based security working with forms authentication. There
    are two things happening/not happening in my code that for the life of me I can not figure out.

    The first is that when I create my authentication ticket containing my roles and add the cookie, the
    cookie will not add if I use

    Dim cookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, hash)
    HttpContext.Current.Response.Cookies.Add(cookie)

    However, if I hardcode the name of the cookie then the cookie will add

    Dim cookie As HttpCookie = New HttpCookie("MY.AUTH", hash)
    HttpContext.Current.Response.Cookies.Add(cookie)

    When I examine FormsAuthentication.FormsCookieName in the debugger it does indeed show the proper
    value for the cookie name from the web.config. What is going on?

    Second, in the global.asax Application_AuthenticateRequest() when I try to retrieve the role
    information that I have stored in the cookie, the ticket is filled in with all the appropriate
    information that I'd set upon login (like name, expiration etc.) but the ticket.UserData is blank!



    ' In global.asax Application_AuthenticateRequest; needs Imports System.Security.Principal
    If Not (HttpContext.Current.User Is Nothing) Then
        If HttpContext.Current.User.Identity.IsAuthenticated Then
            If TypeOf HttpContext.Current.User.Identity Is System.Web.Security.FormsIdentity Then

                Dim id As System.Web.Security.FormsIdentity
                id = CType(HttpContext.Current.User.Identity, System.Web.Security.FormsIdentity)
                Dim ticket As System.Web.Security.FormsAuthenticationTicket
                ticket = id.Ticket

                ' Roles are stored in UserData as a comma-separated list
                Dim userData As String = ticket.UserData
                Dim roles() As String = userData.Split(","c)
                ' Replace the principal with one that carries the roles
                HttpContext.Current.User = New GenericPrincipal(id, roles)
            End If
        End If
    End If

    Both of these problems are very strange and I have not been able to find a resolution for either of
    them. I wrote a small test application separate from the main application and I'm not seeing the
    problems that I am here. Could it be related to how the application is set up? The root directory
    contains the web.config and the global.asax. The login page resides in a secure folder under root.
    The code that authenticates the user, creates the ticket and adds the cookie resides in
    a module of common functions in a folder called common.

    /root
    /root/web.config
    /root/global.asax

    /root/secure/login.aspx

    /root/common/common.vb

    This folder structure (which I inherited from a previous developer) is the only thing different from
    my test application and my main application.

    Can someone help me solve this very strange problem?

    Thanks

    Ren
     
    wrecker, Aug 24, 2005
    #1

  2. wrecker

    wrecker Guest

    I've researched and tested this a bit more and there has been mention of a size limit on the data that
    you can store in UserData.

    http://weblogs.asp.net/hernandl/archive/2004/07/30/FormsAuthRolesRev.aspx

    The size of the encrypted ticket I am passing is only 224 bytes so I suspect that this isn't the
    problem.

    I also noticed that I didn't have the path set to "/" in the forms section of the authentication
    node in web.config. I've set it now and it seems to have made no difference.
     
    wrecker, Aug 24, 2005
    #2
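
The thread does not show the login code, so the following is an added example (not the poster's code) of one way to issue a forms-authentication ticket that carries roles in UserData, so that the Application_AuthenticateRequest handler quoted above can read them back. The module name, helper name, 30-minute lifetime and comma-separated role format are assumptions.

```vb
Imports System
Imports System.Web
Imports System.Web.Security

Public Module RoleTicketExample   ' hypothetical module name

    ' Hypothetical helper: call only after the credentials have been verified.
    Public Sub SignInWithRoles(ByVal userName As String, ByVal roles() As String)
        ' Roles travel in UserData as a comma-separated string, matching the
        ' Split on "," done in Application_AuthenticateRequest.
        Dim userData As String = String.Join(",", roles)

        ' Assumed values: version 1, 30-minute lifetime, non-persistent cookie.
        Dim ticket As New FormsAuthenticationTicket( _
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30), _
            False, userData, FormsAuthentication.FormsCookiePath)

        ' Encrypt can return Nothing when the ticket cannot be serialized
        ' (for example when it is too large), so check before using it.
        Dim encrypted As String = FormsAuthentication.Encrypt(ticket)
        If encrypted Is Nothing Then
            Throw New InvalidOperationException("Ticket could not be encrypted.")
        End If

        ' Name and path come from the <forms> element in web.config.
        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, encrypted)
        cookie.Path = FormsAuthentication.FormsCookiePath
        cookie.HttpOnly = True                          ' keep client script away from the ticket
        cookie.Secure = FormsAuthentication.RequireSSL  ' follow requireSSL in web.config
        HttpContext.Current.Response.Cookies.Add(cookie)

        ' Use a plain redirect here. RedirectFromLoginPage and SetAuthCookie
        ' issue their own ticket under the same cookie name with empty
        ' UserData, which replaces the cookie added above.
        HttpContext.Current.Response.Redirect( _
            FormsAuthentication.GetRedirectUrl(userName, False))
    End Sub

End Module
```

Because the ticket is encrypted and validated by the framework, the role list in UserData is only as trustworthy as the machine key protecting it; roles should be looked up server-side at sign-in, never taken from client input.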