Accessing Forms Auth Cookie from WinForm

  • Thread starter Thread starter IntraRELY
  • Start date Start date
I

IntraRELY

I have an WinForm (VB.NET) that is launched from an ASP.NET page that uses
Form Authentication. After the WinForm is lauched it calls a web service. I
want to use the credentials stored in the cookie and authenticate them on
the web service side. Is there a way to access the information?

TIA,

Steve Wofford
www.IntrRELY.com
 
Hi,

Thanks for using Microsoft MSDN Managed Newsgroup.

Currently I am looking for somebody who could help you on it. We will reply
here with more information as soon as possible.
If you have any more concerns on it, please feel free to post here.


Thanks!

Best regards,

Gary Chang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
 
Hi Steve,

Thanks for using Microsoft MSDN Managed Newsgroup. My name is Peter, and I
will be assisting you on this issue.

First of all, I would like to confirm my understanding of your issue.
From your description, I understand that you wants to pass the form
authentication credential to the webform.( do you mean a WebForm not a
WinForm, am I right?)
Have I fully understood you? If there is anything I misunderstood, please
feel free to let me know.

Based on my expericen, the user name will be stored in the cookie in client
side, but not the password. So you can restrieve the username by using the
HttpContext.Current.User.Identity.Name property.

HttpContext.User Property
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/
frlrfSystemWebHttpContextClassUserTopic.asp

Forms-Based Authentication
http://samples.gotdotnet.com/quickstart/aspplus/default.aspx?url=/quickstart
/aspplus/doc/formsauth.aspx

HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by
Using Visual Basic .NET
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308157#10

Since you will authenticate the username and password in the serverside, so
I think you can restrieve the password from where you store the
username-password pair. So that you can get the password from the username.

Also, why you do not use a unified username-password pair to access the
webservice, so that you will not need to maintian two sets of user
credential data. As long as the user passed the form authentication, we
assume he can access the webservice.

If you have any other concern on this issue, please post here.


Best regards,
Perter Huang
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Hi Steve,

I am sorry if I misunderstanding you meaning.
Is the Winform you refer to a smart client?
And you wants to run the smart client in a Webform and get the credential
the user input in the webform authentication.

If so I think you can get the username and password directly from the
WebForm as pass to the smart client as arguments.
Here is article about pass argument to an smart client windows form
application.
Launching No-Touch Deployment Applications with Command Line Arguments
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnforms/htm
l/winforms05152003.asp

Also you can pass the argument to the smart client when you launch it.

Dim us, ps As String
us = Me.TextBox1.Text 'username
ps = Me.TextBox2.Text 'password
Response.Redirect(("http://localhost/vacaplan.exe?uid=" + us + ps))

Also , can you tell did webservice you wants to call lie in the same server
with ASP.NET application? lie in the same directory? or in different server?


Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Thanks Peter for another good response to my question.

This article seems like exactly what I want. After I try and implement it I
will post another specific question, but this look perfect.

To answer you question as you may have other options for me. The web service
I am calling will be in the same web application. However I did put it into
another directory as another project for the time being, because the root
web appliction does require forms auth, so I moved it so I could build the
web service application and throw the authentication on it last.

Thanks,

Steve Wofford
www.IntraRELY.com
 
Hi Steve,

Thanks for your quickly reply!

Based on my experience, it is a good practice to put the Webservice in
another directory which is different from the ASP.NET Form-authentication
Application.

Since the cookie is read for serverside, and the SmartClient(winform) is
running at client side. The SmartClient as a client side app can not read
the information from the cookie, it has been hashed by server and will be
read by server.

So you may try my last suggest, i.e. pass the parameter to the smartclient.
If you have any question, please post here.

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
HI Steve,

Did you have any concern on this issue?
If so please post here.

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
Hi, I'm in the same situation and I'm passing parameters to the smart
client. I have a doubt: if I open the Internet Temporary Files folder
I can see one ".exe" for each of the combination of the parameters
like these:

xxxx.exe?param1=qqweqweqwe
xxxx.exe?param1=qeqwasd111
......
xxxx.exe?param1=123456789

This is: the user is downloading the same exe each time even when no
new version is available, and I thought this was one of the good
things for the no-touch deployment.

So, is there any solution to avoid this? I was thinking storing the
parameters in another cookie and accesing the cookies from the smart
client, but I'm not able to do that. Any idea for this??

Thank you very much,
\Diego
 
Back
Top