Getting Cokkies values using FORMS authentication

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello,
I’m developing in ASP.NET using “Forms†authentification:

I’m asking “LOGINâ€, “PASSWORD†and “KEYâ€

Web.config:
<authentication mode="Forms"><forms name=".SOMETHING"
loginUrl="login.aspx"
protection="All"
timeout="5"
path="/"><!--requireSSL="true"--><!-- protection="[All|None|Encryption|Validation]" --></forms></authentication>

As you like read, I am using the attribute protection="All" (encrypting the cookie).

Everything is running very well, “BUT...â€, I have the following doubt:

Is possible that I can apply something like:

vAux = HttpContext.Current.Server.UrlEncode(“LOGINâ€)
LOGIN = HttpContext.Current.Request.Cookies.Get(vAux)

vAux = HttpContext.Current.Server.UrlEncode(“PASSWORDâ€)
PASSWORD = HttpContext.Current.Request.Cookies.Get(vAux)

vAux = HttpContext.Current.Server.UrlEncode(“PASSWORDâ€)
KEY = HttpContext.Current.Request.Cookies.Get(vAux)

for getting DESENCRYPTED values?? (I know that the code above is not correct)

I need that values for using its with others functions.

Could someone help me?

Thanks in advance!,

l-touched
 
The system does not work like that. While the logon cookie is encrypted, it
stores the session ID value; if you want more, you have to handle it. Also,
the session cookie is not programmed in the same manner as a user cookie,
which is what you are attempting to grab here. The user's identity
information is held in an Identity object, even if the session ID is stored
in a cookie, as far as the mechanism goes. Just remember that it is not a
user cookie.

In general, you will have to create your own user control mechanism, outside
of session. Remember, the system authenticates access to the system; it does
not handle identity, at least not in the manner you are thinking. It will
handle authorization of individual resources ... if you put them in the
web.config file.


--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

**********************************************************************
Think Outside the Box!
**********************************************************************
l-touched said:
Hello,
I'm developing in ASP.NET using "Forms" authentification:

I'm asking "LOGIN", "PASSWORD" and "KEY"

Web.config:
<authentication mode="Forms"><forms name=".SOMETHING"
loginUrl="login.aspx"
protection="All"
timeout="5"
path="/"><!--requireSSL="true"--><!--
Click to expand...
protection="[All|None|Encryption|Validation]" --> said:
As you like read, I am using the attribute protection="All" (encrypting the cookie).

Everything is running very well, "BUT...", I have the following doubt:

Is possible that I can apply something like:

vAux = HttpContext.Current.Server.UrlEncode("LOGIN")
LOGIN = HttpContext.Current.Request.Cookies.Get(vAux)

vAux = HttpContext.Current.Server.UrlEncode("PASSWORD")
PASSWORD = HttpContext.Current.Request.Cookies.Get(vAux)

vAux = HttpContext.Current.Server.UrlEncode("PASSWORD")
KEY = HttpContext.Current.Request.Cookies.Get(vAux)

for getting DESENCRYPTED values?? (I know that the code above is not correct)

I need that values for using its with others functions.

Could someone help me?

Thanks in advance!,

l-touched
Click to expand...
 
Back
Top