We know that the form authentication cookie is encrypted. So how to read the form authentication cookie content from my code behind?
    if (Request.Cookies[".ASPXAUTH"] != null)
    {
        HttpCookie myCookie = new HttpCookie(".ASPXAUTH");
    }
The SetAuthCookie method adds a forms-authentication ticket to either the cookies collection or the URL if CookiesSupported is false. The forms-authentication ticket supplies forms-authentication information to the next request made by the browser.
The auth cookie should always be HttpOnly. The only way would be to make an AJAX request and let the cookie be set server-side, in which case you need to ensure you are passing any credentials over SSL. You can set HttpOnly on the cookie instance before it's saved.
Remarks. The FormsCookieName property value is set in the configuration file for an ASP.NET application by using the name attribute of the forms configuration element. The FormsCookieName is used to reference the cookie that stores the FormsAuthenticationTicket information.
The ASPXAUTH cookie is used to determine if a user is authenticated. As far as the location of the cookie, that depends on your browser. If you are using Firefox you can view the cookie by clicking on Tools -> Options -> Privacy. Then scroll down to the domain and expand it to see the cookie and its value.
You can access the ticket with the Decrypt method provided by FormsAuthentication:
    // Look the cookie up by its configured name rather than a hard-coded ".ASPXAUTH".
    HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    // Decrypt throws ArgumentException on a null or empty value, so check first.
    if (authCookie != null && !string.IsNullOrEmpty(authCookie.Value))
    {
        FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);
        string cookiePath = ticket.CookiePath;
        DateTime expiration = ticket.Expiration;
        bool expired = ticket.Expired;
        bool isPersistent = ticket.IsPersistent;
        DateTime issueDate = ticket.IssueDate;
        string name = ticket.Name;
        string userData = ticket.UserData;
        int version = ticket.Version;
    }