Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Change authentication ticket value at run time?

Reply
Thread Tools

Change authentication ticket value at run time?

 
 
Tony
Guest
Posts: n/a
 
      12-03-2003
Hi,
what am I doing wrong ?

there is 2 levels of user accessing the
application:'Admin' and 'NoneAdmin'.
I'm using role based authentication.

some 'Admin' user need to manipulate data on behalf of
some 'NoneAdmin' user, which means that I have an option
where the 'Admin' user, after he is logged in, would
view,save, update,delete other user data) and in order to
allow this "Admin' to manipulate the 'NoneAdmin' data, I
need to change his authentication ticket at runtime
temporarily to let him act as the owner of this data.

here is the code:
Dim tempTicket As New FormsAuthenticationTicket(1,
NoneAdmin_Name, _
DateTime.Today,
DateTime.Today.AddMinutes(180), _
True, "xxxx")

Dim hashTempTicket As String = FormsAuthentication.Encrypt
(tempTicket)
Dim tempCookie As HttpCookie = New HttpCookie
(FormsAuthentication.FormsCookieName(), tempTicket)
tempCookie.Expires = DateTime.Today.AddMinutes(60)
Response.Cookies.Add(tempCookie)


I suppose that this temporary ticket will overwrite the
original one that I saved somewhere before it get
overwritten.

the problem is, that the next request to any page the user
is redirected to the the login page

thank you for any help.


 
Reply With Quote
 
 
 
 
MSFT
Guest
Posts: n/a
 
      12-04-2003
Hi Tony,

How about SignOut the Admin user first and then assign him a noneadmin
FormsAuthenticationTicket?

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
Reply With Quote
 
 
 
 
Tony
Guest
Posts: n/a
 
      12-04-2003
hi Lucke,
I tried that too (SignOut the 'Admin' then assign him a
new ticket as 'NoneAdmin') but it keep redirecting the
user to the login page.

and I even tried to delete the old cookie on the client
side (Response.cookie("cookieName")=Nothing
Response.cookie("cookieName")="/"
Response.cookie("cookieName").expires=new DateTime
(19661,1) )
but it didn't work either.

any more idea ??
 
Reply With Quote
 
MSFT
Guest
Posts: n/a
 
      12-08-2003
Hi Tony,

I am working on this issue to make sure if this is possible and will update
you as soon as possible.

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
Reply With Quote
 
MSFT
Guest
Posts: n/a
 
      12-09-2003
Hi Tony,

Based on my test, following code seem to be workable:

Dim tempTicket As New FormsAuthenticationTicket(1, "NoneAdmin",
DateTime.Now, DateTime.Now.AddMinutes(60), True, "xxxx")

Dim hashTempTicket As String =
FormsAuthentication.Encrypt(tempTicket)
Dim tempCookie As HttpCookie = New
HttpCookie(FormsAuthentication.FormsCookieName(), hashTempTicket)
tempCookie.Expires = tempTicket.Expiration
tempCookie.Path = FormsAuthentication.FormsCookiePath
Response.Cookies.Add(tempCookie)


Compared with your code, I set the cookie's Expire and Path. I put above
code in a button's click event. In another button's CLick event, I have
following code:

Response.Write(User.Identity.Name)

It output "NoneAdmin" instead of "Admin"

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Forms Authentication Ticket Functionality With Windows Authentication jfer ASP .Net Security 3 09-16-2005 06:30 PM
Error decrypting authentication ticket =?Utf-8?B?QmlsbCBCb3Jn?= ASP .Net 0 10-11-2004 10:59 PM
authentication ticket Roel ASP .Net 2 07-19-2004 12:43 PM
forms authentication ticket .userdata vanishing e ASP .Net 1 10-24-2003 06:14 PM
Authentication ticket, cookieless, forms authentication? Lauchlan M ASP .Net Security 0 10-01-2003 12:23 AM



Advertisments