Velocity Reviews

Velocity Reviews (
-   ASP .Net Security (
-   -   FormsAuth and Sessions Troubles... (

Jeff 08-20-2003 07:56 PM

FormsAuth and Sessions Troubles...
I'm having some trouble implementing Forms Authentication and using
Session variables...
If i just turn on Forms Auth and don't set up any roles (Don't setup a
GenericPrincipal, and dont assign the Context.User) everything works
fine. I can keep my Auth Cookie, and Session timed in sync and i have
no issues.
NOW however as soon as i set a GenericPrincipal for my user and assign
Context.User to that principal everything goes to heck. It acts as
though my Auth Ticket doesn't expire... So what i get after i wait
20min (session timeout)is my session is dead, however in my
Application_AuthenticateRequest event, the auth cookie (that should've
expired) is available and i assign the principal... i don't get
redirected to my login page. Now when my pages load they try to access
a session variable, but Ooops, not there and i blow up.

In my AuthenticateRequest Event, i have :

Dim ticket As System.Web.Security.FormsAuthenticationTicket
Dim roles As String()
Dim formsID As FormsIdentity
Dim principal As GenericPrincipal

cook = Request.Cookies(System.Web.Security.FormsAuthentic ation.FormsCookieName)
If Not cook Is Nothing Then

ticket =
System.Web.Security.FormsAuthentication.Decrypt(co ok.Value)

roles = ticket.UserData.Split(roleDelimiter)

formsID = New FormsIdentity(ticket)
principal = New GenericPrincipal(formsID, roles)

Context.User = principal
end if

--- Now if i comment out the "Context.User = principal" line it works
as i'd expect...

thanks for any help


All times are GMT. The time now is 02:51 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.