UserData Problem
-
I have a login page in a website where I am authenticating the user via an access database. When I am creating the cookie for the authenticated user, and I put the users roles into the
UserDataproperty of theFormsAuthenticationticket something weird happens. I noticed that the users roles weren't working so I did some debugging. I noticed that when the application callsApplication_AuthenticateRequestin theGlobal.asaxfile, theUserDataproperty in the users ticket is empty. However, all of the other data is there :confused: Here is where I am authenticating the user:// verify that the passwords match if (userInfo\[0\] == entrdPwd) { // Password is good. User is authenticated. // Create a new ticket used for authentication FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, UserName,DateTime.Now, DateTime.Now.AddMinutes(30), true, userInfo\[1\], FormsAuthentication.FormsCookiePath); // Encrypt the cookie using the machine key for secure transport string hash = FormsAuthentication.Encrypt(ticket); HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash); // Set the cookie's expiration time to the tickets expiration time if (ticket.IsPersistent) cookie.Expires = ticket.Expiration; // Add the cookie to the list for outgoing response Response.Cookies.Add(cookie); return true; }Everything is working fine there as far as i can tell. This is where the problem is:
void Application\_AuthenticateRequest(object sender, EventArgs e) { if (User != null) { if (User.Identity.IsAuthenticated) { FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity; FormsAuthenticationTicket ticket = id.Ticket; // Get the stored user-data, in this case, our roles string\[\] role = new string\[1\]; role\[0\] = ticket.UserData; // UserData is empty ("") ??? HttpContext.Current.User = new GenericPrincipal(id, role); } } }Thanks for any help ;P
-
I have a login page in a website where I am authenticating the user via an access database. When I am creating the cookie for the authenticated user, and I put the users roles into the
UserDataproperty of theFormsAuthenticationticket something weird happens. I noticed that the users roles weren't working so I did some debugging. I noticed that when the application callsApplication_AuthenticateRequestin theGlobal.asaxfile, theUserDataproperty in the users ticket is empty. However, all of the other data is there :confused: Here is where I am authenticating the user:// verify that the passwords match if (userInfo\[0\] == entrdPwd) { // Password is good. User is authenticated. // Create a new ticket used for authentication FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, UserName,DateTime.Now, DateTime.Now.AddMinutes(30), true, userInfo\[1\], FormsAuthentication.FormsCookiePath); // Encrypt the cookie using the machine key for secure transport string hash = FormsAuthentication.Encrypt(ticket); HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash); // Set the cookie's expiration time to the tickets expiration time if (ticket.IsPersistent) cookie.Expires = ticket.Expiration; // Add the cookie to the list for outgoing response Response.Cookies.Add(cookie); return true; }Everything is working fine there as far as i can tell. This is where the problem is:
void Application\_AuthenticateRequest(object sender, EventArgs e) { if (User != null) { if (User.Identity.IsAuthenticated) { FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity; FormsAuthenticationTicket ticket = id.Ticket; // Get the stored user-data, in this case, our roles string\[\] role = new string\[1\]; role\[0\] = ticket.UserData; // UserData is empty ("") ??? HttpContext.Current.User = new GenericPrincipal(id, role); } } }Thanks for any help ;P
-
I have a login page in a website where I am authenticating the user via an access database. When I am creating the cookie for the authenticated user, and I put the users roles into the
UserDataproperty of theFormsAuthenticationticket something weird happens. I noticed that the users roles weren't working so I did some debugging. I noticed that when the application callsApplication_AuthenticateRequestin theGlobal.asaxfile, theUserDataproperty in the users ticket is empty. However, all of the other data is there :confused: Here is where I am authenticating the user:// verify that the passwords match if (userInfo\[0\] == entrdPwd) { // Password is good. User is authenticated. // Create a new ticket used for authentication FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, UserName,DateTime.Now, DateTime.Now.AddMinutes(30), true, userInfo\[1\], FormsAuthentication.FormsCookiePath); // Encrypt the cookie using the machine key for secure transport string hash = FormsAuthentication.Encrypt(ticket); HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash); // Set the cookie's expiration time to the tickets expiration time if (ticket.IsPersistent) cookie.Expires = ticket.Expiration; // Add the cookie to the list for outgoing response Response.Cookies.Add(cookie); return true; }Everything is working fine there as far as i can tell. This is where the problem is:
void Application\_AuthenticateRequest(object sender, EventArgs e) { if (User != null) { if (User.Identity.IsAuthenticated) { FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity; FormsAuthenticationTicket ticket = id.Ticket; // Get the stored user-data, in this case, our roles string\[\] role = new string\[1\]; role\[0\] = ticket.UserData; // UserData is empty ("") ??? HttpContext.Current.User = new GenericPrincipal(id, role); } } }Thanks for any help ;P
Hi Sean, I only can read half of your reply in the email sent to me, the rest of it simply said "...(continued)", I guess you might have clicked the Email link instead of the Reply. Fortunately, the first half of the email may help me figure out the cause (hopefully). Well, after the login control authenticates the user, if the user is authenticated, the control will add the authentication cookie with the same name which you use it your own method. This happens after the Authenticate event, so it may override your own cookie. So your authenticate code should validate the user credentials only, and you can create an event handler for the LoggedIn event to add your authentication cookie. In addition, you may also want to check out the Roles Management in the ASP.NET 2.0 instead of managing on your own. http://msdn2.microsoft.com/en-us/library/53s18z5c.aspx[^] http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000013.asp[^]