Forms Authentication and using Current User Credentials programmatically
-
Using Forms Authentication and locking down the path so you need to be authenticated to access the pages / data. I am trying to use the current authenticated user credentials in order to process a web request within the .aspx page that the user has navigated to. Code as below:

```csharp
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(uri);
req.Credentials = CredentialCache.DefaultCredentials;
WebResponse res = req.GetResponse();
```

NOTE: the uri is valid. The response is a redirect to the login page (bad credentials redirect to login page) and not the requested data provided by the web request. I am struggling to find what I need to do in order for this request to be processed as though it was the current authenticated user.

Any advice is most appreciated. Thanks in advance.

Ant.

Ant. **I'm hard, yet soft.
I'm coloured, yet clear.
I'm fruity and sweet.
I'm jelly, what am I? Muse on it further, I shall return!**- David Walliams (Little Britain)
-
Forms Authentication works (by default) by storing an encrypted ticket as a cookie upon login, which the authentication module then reads and interprets to determine the currently logged in user. For the situation you describe to work (if I am not misunderstanding you), the uri that forms your `HttpWebRequest` needs to either be in the same web application (which would be very unlikely) or it would be to a web application that is configured to use forms authentication with the same `machineKey` as the calling application.

Configuring multiple applications with a common `machineKey` in web.config is one way to achieve single sign-on, allowing the user to have one login that passes through to other applications. You can read the following article, under "Web Farm Deployment Considerations" to see how: http://msdn.microsoft.com/en-us/library/ms998288.aspx There is also a bunch of blog articles describing single sign-on you can find by googling "asp.net forms authentication single sign-on".

Then from the calling application it would be a matter of adding the forms authentication cookie that has already been created (again through the successful submission of a user login form) to the request object's `CookieContainer` prior to making the call. If the target application is configured correctly, it will automatically interpret the cookie and the forms authentication credentials to determine the user.

-
Many thanks Mike, getting the cookie and adding it to the request CookieContainer is exactly what I wanted. Just for others to reference I have included my code.

```csharp
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(uri);

// Add the current authentication cookie to the request
HttpCookie cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
Cookie authenticationCookie = new Cookie(
    FormsAuthentication.FormsCookieName,
    cookie.Value,
    cookie.Path,
    HttpContext.Current.Request.Url.Authority);
req.CookieContainer = new CookieContainer();
req.CookieContainer.Add(authenticationCookie);

WebResponse res = req.GetResponse();
```

Ant. **I'm hard, yet soft.
I'm coloured, yet clear.
I'm fruity and sweet.
I'm jelly, what am I? Muse on it further, I shall return!**- David Walliams (Little Britain)
I'm glad, Ant. Nice code snippet too. :cool:
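
A hardened variant of the cookie-forwarding approach discussed in this thread, as an added example that is not code from either poster: it forwards the ticket only to the same host and port as the current request, refuses an HTTPS-to-HTTP downgrade, and turns the login redirect described in the question into an explicit error. The class and method names are hypothetical, and `target` is assumed to be an absolute URI.

```csharp
using System;
using System.IO;
using System.Net;
using System.Web;
using System.Web.Security;

// Hypothetical helper (names are assumptions, not from the thread).
public static class AuthenticatedFetch
{
    // Fetches 'target' as the current forms-authenticated user by forwarding
    // the ticket cookie, but only back to the origin the user is signed in to.
    public static string Get(Uri target)
    {
        HttpRequest current = HttpContext.Current.Request;

        // The ticket is a bearer credential: attach it only for the same host
        // and port, and never over plain HTTP when this page came over HTTPS.
        bool sameHost = string.Equals(target.Host, current.Url.Host,
                                      StringComparison.OrdinalIgnoreCase);
        bool downgrade = current.IsSecureConnection
                         && target.Scheme != Uri.UriSchemeHttps;
        if (!sameHost || target.Port != current.Url.Port || downgrade)
            throw new InvalidOperationException(
                "Refusing to forward the auth cookie to " + target.Host);

        HttpCookie ticket = current.Cookies[FormsAuthentication.FormsCookieName];
        if (ticket == null)
            throw new InvalidOperationException("No forms authentication cookie.");

        HttpWebRequest req = (HttpWebRequest)WebRequest.Create(target);
        req.AllowAutoRedirect = false; // surface the login redirect, don't follow it
        req.CookieContainer = new CookieContainer();
        // Add(Uri, Cookie) scopes the cookie to the target's host.
        req.CookieContainer.Add(target, new Cookie(ticket.Name, ticket.Value, "/"));

        using (HttpWebResponse res = (HttpWebResponse)req.GetResponse())
        {
            // With auto-redirect off, a rejected ticket shows up as a 302
            // to the login page rather than as silently returned login HTML.
            if (res.StatusCode == HttpStatusCode.Found)
                throw new UnauthorizedAccessException(
                    "Ticket not accepted; redirected to " + res.Headers["Location"]);

            using (StreamReader reader = new StreamReader(res.GetResponseStream()))
                return reader.ReadToEnd();
        }
    }
}
```

If the application sits behind a TLS-terminating proxy, the scheme and port seen in `HttpContext.Current.Request.Url` may differ from the public ones, so the origin check would need to compare against the configured public origin instead.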