Problems with FormsAuthenticationTicket in role-base security
-
I am having problems with the FormsAuthenticationTicket keeping the UserData that I store in it when creating the ticket. The UserData (i.e. my role information) is getting lost. My login code is the following (simplified):

    'returns "SA" for this demo
    Dim roles As String = GetRoles()
    Dim authTicket As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, Me.txtLogin.Text, DateTime.Now, DateTime.Now.AddMinutes(60), False, roles)
    Dim encryptedTicket As String = FormsAuthentication.Encrypt(authTicket)
    Dim authCookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
    Response.Cookies.Add(authCookie)
    FormsAuthentication.RedirectFromLoginPage(Me.txtLogin.Text, False)

Now when a page gets authenticated, in the code Application_AuthenticateRequest in the global.asax, the following happens (again simplified):

    Dim cookieName As String = FormsAuthentication.FormsCookieName
    Dim authCookie As HttpCookie = Context.Request.Cookies(cookieName)
    Dim authTicket As FormsAuthenticationTicket = Nothing
    authTicket = FormsAuthentication.Decrypt(authCookie.Value)
    'this should be "SA" but UserData is ""
    Dim roles As String() = authTicket.UserData.Split("|".ToCharArray)
    Dim id As FormsIdentity = New FormsIdentity(authTicket)
    Dim principal As CustomPrincipal = New CustomPrincipal(id, roles)
    Context.User = principal

If I stop the execution in the debugger and modify the value of roles to be "SA" then everything else works fine. The big question is, why is UserData empty? Thanks in advance.
-
The problem was using FormsAuthentication.RedirectFromLoginPage, it writes its own cookie which overwrites yours!!! :mad: So I changed it to a Response.Redirect and everything works fine. :-D
However... It took me two days to figure that out because it is not in the documentation. ugh!
Later