strange Formsauthentication behavior

 
 
Kevin Yu
      04-19-2006
Hi all,

In FormsAuthentication, the global.asax Application_AuthenticateRequest()
event should run once before the page httphandler runs, correct?
Because the global.asax inherits the HttpModule class, but I am seeing some
odd behavior when using FormsAuthentication in 2.0.

On the same level as the login.aspx page, I have a folder called Admin with
some aspx pages inside. The pages that are on the same level as the login
page seem to work fine - the Application_AuthenticateRequest() runs once
before the page_load, but when accessing the page inside of the Admin
folder, the Application_AuthenticateRequest() is fired twice after the
page_load event. Am I missing something here?


Kevin

Here's the code for login:

protected void btnLogin_Click(object sender, EventArgs e)
{
    if (IsAuthenticated(this.txtUserName.Text.Trim(),
                        this.txtPassword.Text.Trim()))
    {
        // Create the authentication ticket
        FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
            1,                              // version
            this.txtUserName.Text.Trim(),   // user name
            DateTime.Now,                   // creation
            DateTime.Now.AddMinutes(60),    // Expiration
            false,                          // Persistent
            string.Empty);                  // User data

        // Now encrypt the ticket.
        string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

        // Create a cookie and add the encrypted ticket to the
        // cookie as data.
        HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                               encryptedTicket);

        // Add the cookie to the outgoing cookies collection.
        Response.Cookies.Add(authCookie);

        // Redirect the user to the originally requested page
        FormsAuthentication.RedirectFromLoginPage(this.txtUserName.Text, false);
    }
    else
    {
        this.lblMsg.Text = "Login failed.";
    }
}



and the code in the

void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    // Extract the forms authentication cookie
    string cookieName = FormsAuthentication.FormsCookieName;
    HttpCookie authCookie = Context.Request.Cookies[cookieName];

    if (null == authCookie)
    {
        // There is no authentication cookie.
        return;
    }

    // A cookie can be present without a valid ticket (for example an
    // expired one); in that case no user has been set yet.
    if (HttpContext.Current.User == null)
    {
        return;
    }

    string userName = HttpContext.Current.User.Identity.Name;

    if (userName != null && userName != string.Empty)
    {
        // custom user object that implements IPrincipal interface
        UserContext user = UserData.GetUserByUserName(userName);
        HttpContext.Current.User = user;
    }
}


 
Dominick Baier [DevelopMentor]
      04-21-2006
It runs several times because of the redirects that are done during authentication.

Use a tool like www.fiddlertool.com to visualize the HTTP traffic.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
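
A server-side way to check the explanation above, as an added example that is not code from the thread: the module counts AuthenticateRequest firings per request in HttpContext.Items and records the method and URL, so firings caused by redirects show up as separate requests, each with a count of 1. The name AuthTraceModule is hypothetical, and the sketch assumes the module is registered under <httpModules> in web.config and that ASP.NET tracing is enabled so the output appears in trace.axd.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical diagnostic module (the name is an assumption, not from the thread).
public class AuthTraceModule : IHttpModule
{
    private const string CountKey = "AuthTraceModule.Count";

    public void Init(HttpApplication app)
    {
        app.AuthenticateRequest += OnAuthenticateRequest;
    }

    private static void OnAuthenticateRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;

        // HttpContext.Items lives for exactly one request, so this counter
        // only exceeds 1 if the event fires twice within the same request.
        object previous = ctx.Items[CountKey];
        int count = (previous == null ? 0 : (int)previous) + 1;
        ctx.Items[CountKey] = count;

        // Was a forms authentication cookie sent with this request?
        bool hasCookie =
            ctx.Request.Cookies[FormsAuthentication.FormsCookieName] != null;

        // User can still be null here when no valid ticket was presented.
        bool authenticated =
            ctx.User != null && ctx.User.Identity.IsAuthenticated;

        // One line per firing in the request's trace (viewable in trace.axd).
        ctx.Trace.Write("AuthTrace", string.Format(
            "AuthenticateRequest #{0} {1} {2} cookie={3} authenticated={4}",
            count, ctx.Request.HttpMethod, ctx.Request.RawUrl,
            hasCookie, authenticated));
    }

    public void Dispose()
    {
    }
}
```

Comparing the trace entries with the Fiddler session list matches each firing to the HTTP request that caused it.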




 