Menu
Using FormsAuthentication we write code like this:
if (IsValidUser()) { FormsAuthentication.SetAuthCookie(userName, createPersistentCookie); FormsAuthentication.RedirectFromLoginPage(userName, createPersistentCookie); } How can I manually create a authentication cookie instead of writing FormsAuthentication.SetAuthCookie(userName, createPersistentCookie)?
How can I store a redirect URL from the login page in a string variable instead of writing FormsAuthentication.RedirectFromLoginPage(userName, createPersistentCookie)?
746
The entire cookie-based authentication works in the following manner: The user gives a username and password at the time of login. Once the user fills in the login form, the browser (client) sends a login request to the server. The server verifies the user by querying the user data.
There are 3 steps for using cookie authentication. First is to add authentication middleware with the AddAuthentication and AddCookie methods. Secondly, specify the app must use authentication & authorization. Finally apply the [Authorize] attribute on the controllers and actions that require the cookie authorization.
Using cookies in authentication makes your application stateful. This will be efficient in tracking and personalizing the state of a user. Cookies are small in size thus making them efficient to store on the client-side. Cookies can be “HTTP-only” making them impossible to read on the client-side.
Here you go. ASP.NET takes care of this for you when you use the higher level methods built into FormsAuthentication, but at the low level this is required to create an authentication cookie.
if (Membership.ValidateUser(username, password)) { // sometimes used to persist user roles string userData = string.Join("|",GetCustomUserRoles()); FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, // ticket version username, // authenticated username DateTime.Now, // issueDate DateTime.Now.AddMinutes(30), // expiryDate isPersistent, // true to persist across browser sessions userData, // can be used to store additional user data FormsAuthentication.FormsCookiePath); // the path for the cookie // Encrypt the ticket using the machine key string encryptedTicket = FormsAuthentication.Encrypt(ticket); // Add the cookie to the request to save it HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket); cookie.HttpOnly = true; Response.Cookies.Add(cookie); // Your redirect logic Response.Redirect(FormsAuthentication.GetRedirectUrl(username, isPersistent)); } I'm not sure why you would want to do something custom here. If you want to change the implementation of where user data is stored and how users authenticate then it's best practice to create a custom MembershipProvider. Rolling your own solution and messing with the authentication cookie means a high probability of introducing security holes in your software.
I don't understand your part 2. You only need to call FormsAuthentication.GetRedirectUrl if you want to return users to the page they were trying to access when they got bounced to login. If not do whatever you want here, redirect to a url stored in the configuration if you want.
To read the FormsAuthentication cookie, normally you would hook the AuthenticateRequest event in a HttpModule or the Global.asax and set up the user IPrinciple context.
protected void Application_AuthenticateRequest(Object sender, EventArgs e) { HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName]; if(authCookie != null) { //Extract the forms authentication cookie FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value); // If caching roles in userData field then extract string[] roles = authTicket.UserData.Split(new char[]{'|'}); // Create the IIdentity instance IIdentity id = new FormsIdentity( authTicket ); // Create the IPrinciple instance IPrincipal principal = new GenericPrincipal(id, roles); // Set the context user Context.User = principal; } } If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
