Why do we need more code in Application_AuthenticateRequest()?

Guest

Hello, friends,

I am implementing role-based authentication (Forms authentication) for our
web app using .NET 1.1. I read the paper:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT04.asp

However, what I could not understand was: after adding a new cookie with the
user's roles,

    string encryptedTicket = FormsAuthentication.Encrypt(authTicketWithRoleInfo);
    HttpCookie authCookie =
        new HttpCookie(FormsAuthentication.FormsCookieName,
                       encryptedTicket);
    Response.Cookies.Add(authCookie);
    Response.Redirect(FormsAuthentication.GetRedirectUrl(
        txtUserName.Text,
        false));

why should one still "Construct GenericPrincipal and FormsIdentity Objects"
in Application_AuthenticateRequest(), like the following?

    authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    string[] roles = authTicket.UserData.Split(new char[]{'|'});
    FormsIdentity id = new FormsIdentity(authTicket);
    GenericPrincipal principal = new GenericPrincipal(id, roles);
    Context.User = principal;

I thought Response.Cookies.Add(authCookie) already included all info for IIS
to check. Can we skip the above source code in
Application_AuthenticateRequest()? Why?

Thanks a lot for your help.
 
Darrin

I'm not completely sure what your overall intentions are with the forms
authentication, but I would use the second part to load named roles
into the genericPrincipal object so that my forms authentication would
support different roles having access to different directories. That
way I can specify role access to directories and files (compiled pages)
in the web.config file instead of manually coding the access. It also
assigns your current context user to that ticket and roles in case you
wanted to access who you are dealing with from code somewhere.

-Darrin
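
An added example, not part of the thread or the MSDN article: the cookie only carries the encrypted ticket back to the server, and the built-in Forms authentication module restores the identity from it with an empty role list, so the roles stored in UserData have to be put back onto Context.User on every request before role checks in web.config or User.IsInRole() can succeed. The sketch below assumes a Global.asax code-behind class named Global and the '|' separator used in the question; the helper name BuildPrincipal is hypothetical.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Runs on every request. Nothing on the server remembers the roles
    // between requests, so they are rebuilt from the ticket each time.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie == null || authCookie.Value.Length == 0)
            return; // anonymous request: leave Context.User untouched

        FormsAuthenticationTicket authTicket;
        try
        {
            // Decrypt also validates the ticket's integrity protection.
            authTicket = FormsAuthentication.Decrypt(authCookie.Value);
        }
        catch (Exception)
        {
            return; // tampered or undecryptable cookie: treat as anonymous
        }

        if (authTicket == null || authTicket.Expired)
            return; // no usable ticket: no roles are granted

        Context.User = BuildPrincipal(authTicket);
    }

    // Hypothetical helper: turns the pipe-separated UserData back into roles.
    public static IPrincipal BuildPrincipal(FormsAuthenticationTicket ticket)
    {
        string[] roles = new string[0];
        if (ticket.UserData != null && ticket.UserData.Length > 0)
            roles = ticket.UserData.Split(new char[] { '|' });

        // Without this step IsInRole() returns false for every role, and
        // <allow roles="..."/> rules in web.config never match.
        return new GenericPrincipal(new FormsIdentity(ticket), roles);
    }
}
```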
 
