Hi,
So, when using the Role Manager with cookie caching, does the roles cookie
have a ticket and a timeout?
If so when and where does it get the cookie timeout value?
Is there a way I can read the roles cookie and see what the time out is?
<Sorry I posted incomplete post by mistake.>
Thanks for the clarification. Yes, the roles cookie has both a ticket and a timeout. The code that
reads and writes the roles cookie is
in the RoleManagerModule class, in its OnEnter() and OnLeave() methods. OnEnter
fires on the PostAuthenticateRequest event of
HttpApplication and OnLeave fires on the EndRequest event of HttpApplication:
// Wires the module into the request pipeline: OnEnter at PostAuthenticateRequest
// (reads the roles cookie into the principal) and OnLeave at EndRequest (writes
// the cookie back). Nothing is subscribed when the role manager is disabled.
public void Init(HttpApplication app)
{
    if (!Roles.Enabled)
    {
        return;
    }
    app.PostAuthenticateRequest += OnEnter;
    app.EndRequest += OnLeave;
}
To get the roles cookie, you can try:
// The roles cookie exactly as the browser sent it. Its Value is the encrypted
// ticket, so the timeout is not visible here without decrypting it.
HttpCookieCollection requestCookies = context.Request.Cookies;
HttpCookie cookie = requestCookies[Roles.CookieName];
But to read the detailed information in the cookie, you can simply use the
following code, because the data in the roles cookie is decoded and
assigned to the RolePrincipal:
// By the time page code runs, OnEnter has already decoded the cookie into the
// request principal, so the timeout is just a property of the RolePrincipal.
// The cast assumes the role manager is enabled (OnEnter only installs a
// RolePrincipal in that case); otherwise it throws an InvalidCastException.
HttpContext currentContext = HttpContext.Current;
RolePrincipal rp = (RolePrincipal) currentContext.User;
// rp.ExpireDate -- when the cached role list expires
If you are interested, you can view the source code for more details:
// PostAuthenticateRequest handler. When role caching is on, it rebuilds
// context.User from the encrypted roles cookie; in every enabled case it
// guarantees the request ends up running under a RolePrincipal.
private void OnEnter(object source, EventArgs eventArgs)
{
    if (!Roles.Enabled)
    {
        if (HttpRuntime.UseIntegratedPipeline)
        {
            // Nothing will be written back at EndRequest, so OnLeave is skipped.
            ((HttpApplication) source).Context.DisableNotifications(RequestNotification.EndRequest, 0);
        }
    }
    else
    {
        HttpApplication application = (HttpApplication) source;
        HttpContext context = application.Context;
        if (this._eventHandler != null)
        {
            // Extension point: if a subscriber reports RolesPopulated, the
            // cookie is never consulted and no fallback principal is installed.
            RoleManagerEventArgs e = new RoleManagerEventArgs(context);
            this._eventHandler(this, e);
            if (e.RolesPopulated)
            {
                return;
            }
        }
        if (Roles.CacheRolesInCookie)
        {
            // The cookie is only trusted for an authenticated user, and only
            // over a secure connection when cookieRequireSSL is configured.
            if (context.User.Identity.IsAuthenticated &&
                (!Roles.CookieRequireSSL || context.Request.IsSecureConnection))
            {
                try
                {
                    HttpCookie cookie = context.Request.Cookies[Roles.CookieName];
                    if (cookie != null)
                    {
                        string encryptedTicket = cookie.Value;
                        // Size guard: a ticket longer than 0x1000 (4096) characters is
                        // discarded and the cookie cleared instead of being decrypted.
                        if ((encryptedTicket != null) && (encryptedTicket.Length > 0x1000))
                        {
                            Roles.DeleteCookie();
                        }
                        else
                        {
                            if (!string.IsNullOrEmpty(Roles.CookiePath) && (Roles.CookiePath != "/"))
                            {
                                cookie.Path = Roles.CookiePath;
                            }
                            cookie.Domain = Roles.Domain;
                            // The encrypted ticket is handed to RolePrincipal, which decodes
                            // it; this is where ExpireDate and the cached role list come from.
                            context.User = new RolePrincipal(context.User.Identity, encryptedTicket);
                        }
                    }
                }
                catch
                {
                    // Best-effort: any failure while reading the cached cookie
                    // (presumably including a ticket that does not decrypt) is
                    // swallowed. context.User is left as it was and the cookie is
                    // NOT deleted here; the fallback below then builds a
                    // RolePrincipal without the cached list. NOTE(review): such a
                    // cookie stays in the browser until OnLeave replaces it.
                }
            }
            else
            {
                // Unauthenticated user, or a plain-HTTP request when SSL is
                // required: remove any leftover roles cookie and skip the
                // EndRequest write-back.
                if (context.Request.Cookies[Roles.CookieName] != null)
                {
                    Roles.DeleteCookie();
                }
                if (HttpRuntime.UseIntegratedPipeline)
                {
                    context.DisableNotifications(RequestNotification.EndRequest, 0);
                }
            }
        }
        // Always finish with a RolePrincipal, even when no cookie was usable,
        // and publish it on the thread so Thread.CurrentPrincipal agrees with
        // context.User.
        if (!(context.User is RolePrincipal))
        {
            context.User = new RolePrincipal(context.User.Identity);
        }
        Thread.CurrentPrincipal = context.User;
    }
}
// EndRequest handler, the counterpart of OnEnter. If the RolePrincipal's cached
// role list changed during this request, it is re-encrypted and sent back as the
// roles cookie (HttpOnly; Secure and Expires follow the Roles configuration).
// Otherwise nothing is emitted.
private void OnLeave(object source, EventArgs eventArgs)
{
    HttpContext context = ((HttpApplication) source).Context;

    // Only act while caching is on and the response headers are still open.
    if (!Roles.Enabled || !Roles.CacheRolesInCookie || context.Response.HeadersWritten)
    {
        return;
    }

    // And only for an authenticated RolePrincipal installed by OnEnter.
    RolePrincipal principal = context.User as RolePrincipal;
    if (principal == null || !principal.Identity.IsAuthenticated)
    {
        return;
    }

    if (Roles.CookieRequireSSL && !context.Request.IsSecureConnection)
    {
        // SSL is mandatory but this request is plain HTTP: never write the
        // cookie, and clear any stale copy the browser still holds.
        if (context.Request.Cookies[Roles.CookieName] != null)
        {
            Roles.DeleteCookie();
        }
        return;
    }

    if (!principal.CachedListChanged || !context.Request.Browser.Cookies)
    {
        return;
    }

    string ticket = principal.ToEncryptedTicket();
    // An empty ticket, or one over the 0x1000 (4096) character limit, cannot be
    // cached; drop the cookie rather than send a truncated one.
    if (string.IsNullOrEmpty(ticket) || ticket.Length > 0x1000)
    {
        Roles.DeleteCookie();
        return;
    }

    HttpCookie rolesCookie = new HttpCookie(Roles.CookieName, ticket);
    rolesCookie.HttpOnly = true; // not readable from client script
    rolesCookie.Path = Roles.CookiePath;
    rolesCookie.Domain = Roles.Domain;
    // Persistent cookie: lifetime equals the ticket's ExpireDate; otherwise
    // no Expires is set and it is a session cookie.
    if (Roles.CreatePersistentCookie)
    {
        rolesCookie.Expires = principal.ExpireDate;
    }
    rolesCookie.Secure = Roles.CookieRequireSSL;
    context.Response.Cookies.Add(rolesCookie);
}
Regards,
Allen Chen
Microsoft Online Support