Forms Authentication with UserData Problem

G

Guest

Hi all,
I am running ASP.NET 2.0, after login I need to pass CustomerID in my
database instead of username to other pages. I added following code to my
login.aspx

protected void Login_Authenticate(object sender, AuthenticateEventArgs e) {
//FormsAuthentication.SignOut();
if (Membership.ValidateUser(Login.UserName, Login.Password)) {
int customerID = GetCustomerIDByUsername(Login.UserName);
if (customerID > 0) {
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
Login.UserName,
DateTime.Now,
DateTime.Now.AddMinutes(60),
Login.RememberMeSet,
customerID.ToString(),
FormsAuthentication.FormsCookiePath);

// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);

// Create the cookie.
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
encTicket));

e.Authenticated = true;
} else {
e.Authenticated = false;
}
} else {
e.Authenticated = false;
}
}

Then I have another page to read this cookie, FormsIdentity identity =
Context.User.Identity as FormsIdentity; I set a break point at this line, and
find out the cookie version is "2" instead of "1" I set in login.aspx. And I
cannot read my userData from cookie, it turns to be blank.

Anybody has idea what is wrong?

Thanks!
 
G

Guest

Hi there,

Login control does the same thing internally (passing String.Empty as user
defined data), please look at the exact code which is executed internally:

private void AttemptLogin()
{
if ((this.Page == null) || this.Page.IsValid)
{
LoginCancelEventArgs args1 = new LoginCancelEventArgs();
this.OnLoggingIn(args1);
if (!args1.Cancel)
{
AuthenticateEventArgs args2 = new AuthenticateEventArgs();
this.OnAuthenticate(args2);
if (args2.Authenticated)
{
FormsAuthentication.SetAuthCookie(
this.UserNameInternal, this.RememberMeSet);
this.OnLoggedIn(EventArgs.Empty);
this.Page.Response.Redirect(
this.GetRedirectUrl(), false);
}
else
{
//...
}
}
}
}

Because you're not redirecting after setting authentication cookie, login
control creates another cookie, that overwrites created one (version 2).
Provided code does the same thing so in theory you could redirect to request
page after cookie with custom data has been set:

// amended code you provided
// Create the cookie.
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
encTicket));
Response.Redirect(this.GetRedirectUrl(), true);

Beware current thread will be aborted, so you won't receive any events
(Login1_LoggedIn, page unload). Otherwise, it is not possible to attach user
data to form authentication cookie (of course when using login control)
without unpacking the ticket in Login.LoggedIn event handler, appending the
custom data and reissuing authentication cookie.

Hope this helps
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,905
Latest member
Kristy_Poole

Latest Threads

Top