Newbee question; form authentication

[Nico den Boer]

Hello all,

I have a problem with retrieving roles.

In the login form, I do the following things;
- Retrieve roles (string, format like "Administrator|User|Guest")
- Create a FormsAuthenticationTicket with these roles as parameter
- Crypt the thicket, create a cookie with this ticket
- Store the cookie in the response / session

(traced / debugged this part, works fine)

In the global.asax.cs, method Application_AuthenticateRequest, I:
- Retrieve the cookie, decrypt it, split the roles into an array
- Create a new FormsIdentity object, IPrincipal object and store that one to
Context.User

For this, I followed the instructions in
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod18.asp

In a all user forms, I can now extract the username via
Context.User.Identity.Name
That works fine.

The problem is now that the roles are lost somewhere, somehow. It's like
magic...
Tracing everyting, retrieving and decrypting the cookie works fine, but
authTicket.UserData is an empty string.

Now where are my roles ?
Any help would be greatly appriciated.

Kind regards, Nico

 

[Hernan de Lahitte]

Hi Nico,

Perhaps your problem is with the max lenght of your user data string that
you are storing inside the cookie.
Here is a post that will show some details about this.
http://weblogs.asp.net/hernandl/archive/2004/07/30/FormsAuthRolesRev.aspx

And there is another one that explains some perf. gains when using this
approach for role authz with forms.
http://weblogs.asp.net/hernandl/archive/2004/08/05/FormsAuthRoles2.aspx

Regards,
Hernan.

 

[Nico den Boer]

Thanks Hernan,

I've read the articles, they are very useful !

Kind regards,
Nico