Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Best way to handle AuthenticateRequest?

Thread Tools

Best way to handle AuthenticateRequest?

Posts: n/a
I've been reading a lot of articles about how to handle roles based security in ASP.NET and I've seen two popular methods of handling AuthenticateRequest and I'm curious which is preferred. (I've omitted most error checking to simplify the code).

Option 1 (from MSDN patterns & practices - extract cookie and decrypt):
string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = Context.Request.Cookies[cookieName];
if (authCookie == null)
FormsAuthenticationTicket authTicket = null;
authTicket = FormsAuthentication.Decrypt(authCookie.Value);
string[] roles = authTicket.UserData.Split(new char[]{'|'});
FormsIdentity id = new FormsIdentity( authTicket );
GenericPrincipal principal = new GenericPrincipal(id, roles);
Context.User = principal;

Option 2 (various articles - cast identity, get forms ticket):
FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;
string userData = ticket.UserData;
string[] roles = userData.Split(',');
HttpContext.Current.User = new GenericPrincipal(id, roles);

Option 2 makes me think the FormsAuthentication class is doing a lot of stuff behind the scenes but I haven't found the documentation on it (not that it doesn't exist). Is the FormsAuthentication class automatically picking up the cookie and decrypting it with each page request? And if this is the case, then why does the "official" MS method ignore this feature and do things manually?? Thanks for the input!
Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
best way to handle sql decimal fields Steve Richter ASP .Net 3 03-31-2005 02:55 PM
What's the best way to handle showing/editing this data? Alan Silver ASP .Net 4 02-16-2005 06:23 PM
Best way to handle documents in ASP.NET Thomas Scheiderich ASP .Net 11 05-20-2004 05:57 PM
Question: Best way to handle DBNULL in datareaders Ravikanth[MVP] ASP .Net 6 07-18-2003 10:51 AM
Re: Best way to handle a mutually exclusive situation gabriel XML 0 06-25-2003 08:08 AM