E
e
I'm using forms authentication on a site. When the user logs in via the
login page, the entered creds are checked against AD, and if valid, an
encrypted forms authentication ticket is produced and stored in the forms
auth cookie (and written to the client), using this code:
____________________
'create the forms auth ticket
objAuthTicket = New FormsAuthenticationTicket(1, txtUsername.Text, _
DateTime.Now, DateTime.Now.AddMinutes(8), False, _
"Data string I want to keep in the Ticket .UserData property")
'encrypt it
strEncryptedTicket = FormsAuthentication.Encrypt(objAuthTicket)
'stick it in the forms auth cookie
objAuthCookie = New HttpCookie(FormsAuthentication.FormsCookieName, _
strEncryptedTicket)
'place the cookie on the client
Response.Cookies.Add(objAuthCookie)
____________________
If I immediately retreive the cookie using this code:
____________________
'pick up the cookie from the client
objAuthCookie = Request.Cookies(FormsAuthentication.FormsCookieName)
'decrypt/extract the ticket object from the cookie
objAuthTicket = FormsAuthentication.Decrypt(objAuthCookie.Value)
____________________
....and examine the objAuthTicket.UserData, it contains the expected result:
"Data string I want to keep in the Ticket .UserData property"
However in Global.asax, in the Application_AuthenticateRequest event (which
is whre I need to read this ticket data for impersonation & security
purposes), I retreive the cookie (if it exists), decrypt the cookie.Value
into a ticket object using the exact same code as before:
____________________
'pick up the cookie
objAuthCookie = Request.Cookies(FormsAuthentication.FormsCookieName)
'decrypt/extract the ticket object from the cookie
objAuthTicket = FormsAuthentication.Decrypt(objAuthCookie.Value)
____________________
....and examine the objAuthTicket.Userdata, it now contains an unexpected
result:
""
Nothing. The issue date, expiration date, name, isPersistant, all other
aspects of the ticket have correct values, but the userData is now
nullstring. Does anyone have any ideas as to why that is? The login button
click handler and the Application_AuthenticateRequest event are the only 2
places I'm ever touching the cookie in the entire app.
login page, the entered creds are checked against AD, and if valid, an
encrypted forms authentication ticket is produced and stored in the forms
auth cookie (and written to the client), using this code:
____________________
'create the forms auth ticket
objAuthTicket = New FormsAuthenticationTicket(1, txtUsername.Text, _
DateTime.Now, DateTime.Now.AddMinutes(8), False, _
"Data string I want to keep in the Ticket .UserData property")
'encrypt it
strEncryptedTicket = FormsAuthentication.Encrypt(objAuthTicket)
'stick it in the forms auth cookie
objAuthCookie = New HttpCookie(FormsAuthentication.FormsCookieName, _
strEncryptedTicket)
'place the cookie on the client
Response.Cookies.Add(objAuthCookie)
____________________
If I immediately retreive the cookie using this code:
____________________
'pick up the cookie from the client
objAuthCookie = Request.Cookies(FormsAuthentication.FormsCookieName)
'decrypt/extract the ticket object from the cookie
objAuthTicket = FormsAuthentication.Decrypt(objAuthCookie.Value)
____________________
....and examine the objAuthTicket.UserData, it contains the expected result:
"Data string I want to keep in the Ticket .UserData property"
However in Global.asax, in the Application_AuthenticateRequest event (which
is whre I need to read this ticket data for impersonation & security
purposes), I retreive the cookie (if it exists), decrypt the cookie.Value
into a ticket object using the exact same code as before:
____________________
'pick up the cookie
objAuthCookie = Request.Cookies(FormsAuthentication.FormsCookieName)
'decrypt/extract the ticket object from the cookie
objAuthTicket = FormsAuthentication.Decrypt(objAuthCookie.Value)
____________________
....and examine the objAuthTicket.Userdata, it now contains an unexpected
result:
""
Nothing. The issue date, expiration date, name, isPersistant, all other
aspects of the ticket have correct values, but the userData is now
nullstring. Does anyone have any ideas as to why that is? The login button
click handler and the Application_AuthenticateRequest event are the only 2
places I'm ever touching the cookie in the entire app.