ASP.Net Forms Authentication - Storing Enrypted Ticket In HttpCookie

  • Thread starter Thread starter Mythran
  • Start date Start date
M

Mythran

We followed an example found on MSDN to create an encrypted
FormsAuthenticationTicket and storing the ticket in a cookie. Is this the
"correct" way to store the authentication ticket? We are attempting to
create a web service from the web application and our goal is to have the
user login to the web application and then, using the same credentials
and/or authentication objects, access the web services to retrieve our data
from other internal servers. It's pretty difficult to find this information
on the web :)

What other options are there for storing a user's credentials and then
accessing them on every call to the page and have the web service use the
same credentials for it's security?

Thanks,
Mythran
 
Peter Bradley said:
Does this help?

http://aspalliance.com/805_Soap_Headers_Authentication_in_Web_Services


Peter
Click to expand...

Thanks for the link, reading it now and hope it helps us...

Now, for the 2nd paragraph in my OP...what options are there for storing the
user id and pwd across postbacks (same session) w/o using the session nor
database? Is storing the user name and password hash in an encrypted form
as a cookie on the user's machine a good idea? I don't feel very
safe/secure with store a users password (hashed or not) in any form anywhere
outside of a database, but sometimes you gotta do what you gotta do...any
suggestions for this?

Thanks,
Mythran
 
Back
Top