 

Read form authentication cookie from asp.net code behind

Tags:

asp.net

We know that the forms authentication cookie is encrypted. So how do I read the forms authentication cookie content from my code-behind?

    if (Request.Cookies[".ASPXAUTH"] != null)
    {
        HttpCookie myCookie = new HttpCookie(".ASPXAUTH");
    }
Thomas asked Aug 28 '11 09:08


People also ask

What does FormsAuthentication SetAuthCookie do?

The SetAuthCookie method adds a forms-authentication ticket to either the cookies collection or the URL if CookiesSupported is false. The forms-authentication ticket supplies forms-authentication information to the next request made by the browser.

How do I set authentication cookies?

The auth cookie should always be HttpOnly. The only way would be to make an AJAX request and let the cookie be set server-side, in which case you need to ensure you are passing any credentials over SSL. You can set HttpOnly on the cookie instance before it's saved.

What is FormsAuthentication FormsCookieName?

Remarks. The FormsCookieName property value is set in the configuration file for an ASP.NET application by using the name attribute of the forms configuration element. The FormsCookieName is used to reference the cookie that stores the FormsAuthenticationTicket information.

What is Aspxauth cookie?

The ASPXAUTH cookie is used to determine if a user is authenticated. As far as the location of the cookie, that depends on your browser. If you are using Firefox you can view the cookie by clicking on Tools -> Options -> Privacy. Then scroll down to the domain and expand it to see the cookie and its value.


1 Answer

You can access the ticket with the Decrypt method provided by FormsAuthentication:

    // Requires: using System; using System.Web; using System.Web.Security;
    HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie != null)
    {
        // Decrypt turns the encrypted cookie value back into a ticket object.
        FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);

        string cookiePath = ticket.CookiePath;
        DateTime expiration = ticket.Expiration;
        bool expired = ticket.Expired;
        bool isPersistent = ticket.IsPersistent;
        DateTime issueDate = ticket.IssueDate;
        string name = ticket.Name;
        string userData = ticket.UserData;
        int version = ticket.Version;
    }
RyanW answered Sep 21 '22 00:09
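Because the cookie value comes from the client, code that decrypts it should handle a missing, malformed, or expired ticket instead of assuming Decrypt succeeds. The following is an added example, not code from the question or the answer; the names `AuthTicketReader`, `TryRead`, and `AccountPage` are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

// Hypothetical helper for this example; not part of ASP.NET or the answer above.
public static class AuthTicketReader
{
    // Returns the decrypted ticket, or null when the cookie is missing,
    // malformed, fails validation, or carries an expired ticket.
    public static FormsAuthenticationTicket TryRead(HttpRequest request)
    {
        // Request.Cookies returns null for a cookie the browser did not send.
        HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return null;

        FormsAuthenticationTicket ticket;
        try
        {
            // The value is client-supplied; Decrypt decrypts and validates it
            // according to the configured forms protection setting.
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (ArgumentException) { return null; }      // empty or malformed value
        catch (CryptographicException) { return null; } // caught defensively

        // Decrypt also returns tickets that have expired, so check explicitly.
        if (ticket == null || ticket.Expired)
            return null;
        return ticket;
    }
}

// Hypothetical code-behind class using the helper.
public partial class AccountPage : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        FormsAuthenticationTicket ticket = AuthTicketReader.TryRead(Request);
        string userName = ticket != null ? ticket.Name : null;
        string userData = ticket != null ? ticket.UserData : null;
        // userName and userData stay null for anonymous or rejected cookies.
    }
}
```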