Reconnect to a session and authenticate.

[Jerry C]

I have an asp.net application using forms authentication. On one of my pages
I use a control that does not return the cookies in firefox. (the creator of
the control will remain nameless) I can include the session cookie
"ASP.NET_SessionId" and the cookie “CD†placed by the forms authentication in
the querystring. The Question is how do I reconnect to the session and
reauthenticate when this page posts back so my session vars are there.

 

[Steven Cheng]

Hi Jerry,

From your description, I understand you want to programmatically restore a
certain session connection or forms authentication connection in your code
(by supplying the sessionID or authentication info) , correct?

Based on my understanding, for forms authentication, it is quite easy to
regenerate the authentication state, you can simply call the following
method to make the current user be authenticated again(supply the username):

FormsAuthentication.SetAuthCookie(username, true);

However, for session state, it is always done(validate client cookie) by
the built-in session state module. If you put the session state info(such
as ID) in querystring, runtime will not know it. You can try manually add
the cookie (that contain the sessionID you previously stored) into ASP.NET
response.

If this not work, you may have a look at creating a custom
SessionIDManager, that can help you add your own code logic to read and
generate sessionID:

#Overcoming IE Bug with a Custom SessionIDManager
http://blogs.microsoft.co.il/blogs/dorony/

#SessionIDManager Class
http://msdn2.microsoft.com/en-us/library/system.web.sessionstate.sessionidma
nager(VS.80).aspx

#ASP.NET 2.0 Training : Customizing the Session State Mechanism
http://www.exforsys.com/tutorials/asp.net-2.0/asp.net-2.0-customizing-the-se
ssion-state-mechanism.html

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

 

[Jerry C]

Steven,

Thank you for your reply,

I solved this problem by adding the cookies and doing a server transfer. To
me it is much simpler.

If Not IsNothing(Request.QueryString("SessionID")) Then 'if the Qstring is
there
If IsNothing(Request.Cookies("CD")) Then 'if the cookie I want is
missing
'add the Cookies
Response.Cookies.Add(New HttpCookie("CD",
Request.QueryString("cdAuth")))
Response.Cookies.Add(New HttpCookie("ASP.NET_SessionId",
Request.QueryString("SessionID")))
'do the server transferr now the cookies are there
Server.Transfer("UploadMultipleAssets.aspx", True)
End If

End If
--

Thank you
Jerry

Hi Jerry,

From your description, I understand you want to programmatically restore a
certain session connection or forms authentication connection in your code
(by supplying the sessionID or authentication info) , correct?

Based on my understanding, for forms authentication, it is quite easy to
regenerate the authentication state, you can simply call the following
method to make the current user be authenticated again(supply the username):

FormsAuthentication.SetAuthCookie(username, true);

However, for session state, it is always done(validate client cookie) by
the built-in session state module. If you put the session state info(such
as ID) in querystring, runtime will not know it. You can try manually add
the cookie (that contain the sessionID you previously stored) into ASP.NET
response.

If this not work, you may have a look at creating a custom
SessionIDManager, that can help you add your own code logic to read and
generate sessionID:

#Overcoming IE Bug with a Custom SessionIDManager
http://blogs.microsoft.co.il/blogs/dorony/

#SessionIDManager Class
http://msdn2.microsoft.com/en-us/library/system.web.sessionstate.sessionidma
nager(VS.80).aspx

#ASP.NET 2.0 Training : Customizing the Session State Mechanism
http://www.exforsys.com/tutorials/asp.net-2.0/asp.net-2.0-customizing-the-se
ssion-state-mechanism.html

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

 

[Steven Cheng]

That's great!

Thanks for sharing this with us.


Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

From: =?Utf-8?B?SmVycnkgQw==?= <[email protected]>
References: <[email protected]>

 

[Jerry C]

Steven,

The solution I posted did not work in all cases. I used the custom session
Id manager in the link.

Now the question is how do I restore the authentication without sending the
user name in the Qstring. I do store the forms auth cookie in the query
string. How do I use it the authenticate.

Thank you
--
Jerry

Hi Jerry,

From your description, I understand you want to programmatically restore a
certain session connection or forms authentication connection in your code
(by supplying the sessionID or authentication info) , correct?

Based on my understanding, for forms authentication, it is quite easy to
regenerate the authentication state, you can simply call the following
method to make the current user be authenticated again(supply the username):

FormsAuthentication.SetAuthCookie(username, true);

However, for session state, it is always done(validate client cookie) by
the built-in session state module. If you put the session state info(such
as ID) in querystring, runtime will not know it. You can try manually add
the cookie (that contain the sessionID you previously stored) into ASP.NET
response.

If this not work, you may have a look at creating a custom
SessionIDManager, that can help you add your own code logic to read and
generate sessionID:

#Overcoming IE Bug with a Custom SessionIDManager
http://blogs.microsoft.co.il/blogs/dorony/

#SessionIDManager Class
http://msdn2.microsoft.com/en-us/library/system.web.sessionstate.sessionidma
nager(VS.80).aspx

#ASP.NET 2.0 Training : Customizing the Session State Mechanism
http://www.exforsys.com/tutorials/asp.net-2.0/asp.net-2.0-customizing-the-se
ssion-state-mechanism.html

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

 

[Steven Cheng]

Hi Jerry,

As for restorting FormsAuthentication state, I think it's much easier than
session since the FormsAuthentication.SetAuthCookie method I mentioned
earlier can help regenerate the authenticate cookie. Therefore, I think
what you need to do is just store the username in a custom cookie item. And
later when you need to regenerate the authenticate state, just read the
username from that cookie item and call the
FormsAuthentication.SetAuthCookie, how do you think?

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

From: =?Utf-8?B?SmVycnkgQw==?= <[email protected]>
References: <[email protected]>

Subject: RE: Reconnect to a session and authenticate.
Date: Wed, 5 Mar 2008 07:43:03 -0800

Steven,

The solution I posted did not work in all cases. I used the custom session
Id manager in the link.

Now the question is how do I restore the authentication without sending the
user name in the Qstring. I do store the forms auth cookie in the query
string. How do I use it the authenticate.

Thank you

 

[Jerry C]

Steven,

Thank you for your reply,

I used :
Dim authTicket As FormsAuthenticationTicket =
FormsAuthentication.Decrypt(Request.QueryString("cdAuth"))

Dim userName As String = authTicket.Name
FormsAuthentication.SetAuthCookie(userName, True)

So I did not have to put the user name in the Qstring. This way I put the
encripted ticket in the Qstring and then decryped the ticket and retrieved
the name and used SetAuthcookie.

 

[Steven Cheng]

Thanks for your reply Jerry,

Cool, that's also a good approach since you only store the encrypted ticket
in client side. Thanks for sharing this.

Best regards,

Steven Cheng
Microsoft MSDN Online Support Lead

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we

can improve the support we provide to you. Please feel free to let my
manager know what you think of

the level of service provided. You can send feedback directly to my manager
at: (e-mail address removed).

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------