Newbee question; form authentication

Discussion in 'ASP .Net Security' started by Nico den Boer, Nov 4, 2004.

  1. Hello all,

    I have a problem with retrieving roles.

    In the login form, I do the following things;
    - Retrieve roles (string, format like "Administrator|User|Guest")
    - Create a FormsAuthenticationTicket with these roles as parameter
    - Crypt the thicket, create a cookie with this ticket
    - Store the cookie in the response / session

    (traced / debugged this part, works fine)

    In the global.asax.cs, method Application_AuthenticateRequest, I:
    - Retrieve the cookie, decrypt it, split the roles into an array
    - Create a new FormsIdentity object, IPrincipal object and store that one to
    Context.User

    For this, I followed the instructions in
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod18.asp

    In a all user forms, I can now extract the username via
    Context.User.Identity.Name
    That works fine.

    The problem is now that the roles are lost somewhere, somehow. It's like
    magic...
    Tracing everyting, retrieving and decrypting the cookie works fine, but
    authTicket.UserData is an empty string.

    Now where are my roles ?
    Any help would be greatly appriciated.

    Kind regards, Nico
     
    Nico den Boer, Nov 4, 2004
    #1
    1. Advertisements

  2. Hernan de Lahitte, Nov 5, 2004
    #2
    1. Advertisements

  3. Thanks Hernan,

    I've read the articles, they are very useful !

    Kind regards,
    Nico
     
    Nico den Boer, Nov 8, 2004
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.