Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP .Net Security (http://www.velocityreviews.com/forums/f62-asp-net-security.html)
-   -   Cannot retrieve UserData in Forms Authentication (http://www.velocityreviews.com/forums/t764794-cannot-retrieve-userdata-in-forms-authentication.html)

John Kievlan 07-24-2003 09:33 PM

Cannot retrieve UserData in Forms Authentication
 
I am using FormsAuthentication for my application, and in
the UserData property of the FormsAuthenticationTicket
I'm storing the roles that the user is a member of, to
retrieve in global.asax and create a GenericPrincipal
object. Problem is, after the user logs in, I can get
the ticket just fine from the cookie, and all the data is
there -- except for the UserData property. It's empty.

I set the UserData as follows:

Dim authTicket As New FormsAuthenticationTicket(1,
txtUserID.Text, DateTime.Now, DateTime.Now.AddHours(1),
False, GetRoles(txtUserID.Text))
Dim encryptedTicket As String =
FormsAuthentication.Encrypt(authTicket)
Dim authCookie As New HttpCookie
(FormsAuthentication.FormsCookieName, encryptedTicket)
Response.Cookies.Add(authCookie)

Then I get the same cookie back in global.asax:

Dim cookieName As String =
FormsAuthentication.FormsCookieName
Dim authCookie As HttpCookie = Context.Request.Cookies
(cookieName)

If authCookie Is Nothing Then Exit Sub

Dim authTicket As FormsAuthenticationTicket =
FormsAuthentication.Decrypt(authCookie.Value)

If authTicket Is Nothing Then Exit Sub

Dim roles() As String = Split
(authTicket.UserData, "|") ' Roles are in the
format "Role1|Role2|...|RoleN"

Dim id As New FormsIdentity(authTicket)

Dim principal As New GenericPrincipal(id, roles)

Context.User = principal

And the user isn't in the given roles. I went back and
put:

Response.Write("'" & authTicket.UserData & "'")

in the global.asax file, and I get an empty string.
Anyone have an idea?

tom hamilton 07-25-2003 12:51 AM

Cannot retrieve UserData in Forms Authentication
 
Your code matches what I use. And I just re-ran my code,
and am getting user data back from the cookie.

I assume your setting the ticket in a login page. And
have added the necessary web.config entries. I haven't
tried my code against a browser that doesn't accept
cookies.

Sorry that the only assitance is to note that your code
appears correct. I'm only guessing that the problem lies
in configuration.

>-----Original Message-----
>I am using FormsAuthentication for my application, and in
>the UserData property of the FormsAuthenticationTicket
>I'm storing the roles that the user is a member of, to
>retrieve in global.asax and create a GenericPrincipal
>object. Problem is, after the user logs in, I can get
>the ticket just fine from the cookie, and all the data is
>there -- except for the UserData property. It's empty.
>
>I set the UserData as follows:
>
>Dim authTicket As New FormsAuthenticationTicket(1,
>txtUserID.Text, DateTime.Now, DateTime.Now.AddHours(1),
>False, GetRoles(txtUserID.Text))
>Dim encryptedTicket As String =
>FormsAuthentication.Encrypt(authTicket)
>Dim authCookie As New HttpCookie
>(FormsAuthentication.FormsCookieName, encryptedTicket)
>Response.Cookies.Add(authCookie)
>
>Then I get the same cookie back in global.asax:
>
>Dim cookieName As String =
>FormsAuthentication.FormsCookieName
>Dim authCookie As HttpCookie = Context.Request.Cookies
>(cookieName)
>
>If authCookie Is Nothing Then Exit Sub
>
>Dim authTicket As FormsAuthenticationTicket =
>FormsAuthentication.Decrypt(authCookie.Value)
>
>If authTicket Is Nothing Then Exit Sub
>
>Dim roles() As String = Split
>(authTicket.UserData, "|") ' Roles are in the
>format "Role1|Role2|...|RoleN"
>
>Dim id As New FormsIdentity(authTicket)
>
>Dim principal As New GenericPrincipal(id, roles)
>
>Context.User = principal
>
>And the user isn't in the given roles. I went back and
>put:
>
>Response.Write("'" & authTicket.UserData & "'")
>
>in the global.asax file, and I get an empty string.
>Anyone have an idea?
>.
>



All times are GMT. The time now is 04:30 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.