.NETGURU
FormsAuthenticationTicket Info
This message was discovered on ASPFriends.com 'aspngsec' list.


Bill Bassler
Can someone point me to any info on applications of
FormsAuthenticationTicket class? The MS docs are a bit thin in this area.
Would it be when you want more direct control of the user's session?
I'm trying to get a handle on when I would need to/want to use this ... as
it seems this "general" functionality might be implemented behind the
scenes when using something like below for user authentication and session.

    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication) sender;
        if (app.Request.IsAuthenticated && app.User.Identity is FormsIdentity)
        {
            FormsIdentity identity = (FormsIdentity) app.User.Identity;
            ...

            app.Context.User = new Principal(identity, roles);
            // Attach the Principal object to the current, and therefore
            // subsequent session threads.
            Thread.CurrentPrincipal = app.Context.User;
        }
    }

Daniel Kent

You can use FormsAuthenticationTicket to create your own tickets that can
then be encrypted and persisted as cookies in the same way that the
encrypted forms authentication ticket is persisted. You can put whatever
information you like in these tickets (bearing in mind the limitations on
cookie length) and it will be safe even though it is persisted on the user's
machine. This saves using Session storage for things such as personalization
information.

FormsAuthenticationTicket can also be useful when the standard Forms
authentication methods such as RedirectFromLoginPage don't do exactly what
you want. The FormsAuthenticationTicket class allows us to do the process of
setting up the authentication ticket and writing it as a cookie ourselves.
This means we can have finer control over the process (a good example of
this is setting expiry dates for persistent cookies).

Quick plug - there are two long chapters about Forms authentication (written
by me) in Professional ASP.NET Security. They cover forms authentication
topics such as this in depth. The book will be available next month.

Let me know if you need some more examples of where
FormsAuthenticationTicket can be useful.

Dan.

-----Original Message-----
From: Bill Bassler
Sent: 08 July 2002 14:00
To: aspngsec
Subject: [aspngsec] FormsAuthenticationTicket Info

Bill Bassler
In lieu of having the book as a resource (which I'll try to take a look at
when available), some concise examples that display useful applications
would be appreciated.

"Daniel Kent" wrote in message news:680180@aspngsec...
[Original message clipped]

Daniel Kent
Here is part of one of the examples from the book. It shows how to add our
own information to an authentication ticket and then persist this in the
forms authentication cookie.

    private void LoginButton_Click(object sender, System.EventArgs e)
    {
        //check the credentials
        if(FormsAuthentication.Authenticate(UsernameTextBox.Text, PasswordTextBox.Value))
        {
            //get the user discount -hardcoded here for this example
            int discount;

            //give preference to people with "dan" in their name ;-)
            if(UsernameTextBox.Text.IndexOf("dan") != -1)
                discount = 10;
            else
                discount = 5;

            //create a new authentication ticket
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                1,
                UsernameTextBox.Text,
                DateTime.Now,
                DateTime.Now.AddHours(3),
                false,
                discount.ToString());

            //encrypt the ticket
            string encryptedTicket = FormsAuthentication.Encrypt(ticket);

            //create an authentication cookie
            HttpCookie authenticationCookie = new HttpCookie(
                FormsAuthentication.FormsCookieName, encryptedTicket);

            //write the cookie to the response
            Response.Cookies.Add(authenticationCookie);

            //redirect the user back to their original URL
            Response.Redirect(FormsAuthentication.GetRedirectUrl(UsernameTextBox.Text, false));
        }
        else
        {
            //make the error message visible
            ErrorMessageLabel.Visible = true;
        }
    }

Here is part of the code that accesses the information:

    if(Request.IsAuthenticated)
    {
        DiscountLabel.Text =
            ((FormsIdentity)User.Identity).Ticket.UserData + "%";
    }
    else
        DiscountLabel.Text = "0% - you are not logged in";

I hope this helps - obviously there is much more explanation of this in the
book.

Dan.

-----Original Message-----
From: Bill Bassler
Sent: 08 July 2002 16:39
To: aspngsec
Subject: [aspngsec] Re: FormsAuthenticationTicket Info

 
 
Related Types

System.DateTime
System.EventArgs
System.Threading.Thread
System.Web.HttpApplication
System.Web.HttpCookie
System.Web.Security.FormsAuthentication
System.Web.Security.FormsAuthenticationTicket
System.Web.Security.FormsIdentity
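
An added example, not part of the thread or of the book it mentions: one way to combine the two posts, carrying role names in the ticket's UserData at login and rebuilding the principal from it in Application_AuthenticateRequest. The TicketHelper class, the comma-separated role format, and .NET Framework 2.0 or later (needed for HttpCookie.HttpOnly) are assumptions.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Added example. TicketHelper is a hypothetical helper; the comma-separated
// role list in UserData is a convention assumed here for illustration.
public static class TicketHelper
{
    // Call at login, after the credentials have been checked.
    // Roles must come from the server-side user store, never from the request.
    public static HttpCookie IssueCookie(string userName, string[] roles)
    {
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddHours(3),
            false, String.Join(",", roles), FormsAuthentication.FormsCookiePath);

        // Encrypt applies whatever <forms protection="..."> is configured.
        // UserData is only tamper-proof and confidential with protection="All".
        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
        cookie.Path = ticket.CookiePath;
        cookie.HttpOnly = true;                          // not readable from script
        cookie.Secure = FormsAuthentication.RequireSSL;  // follows <forms requireSSL>
        return cookie;
    }

    // Call from Application_AuthenticateRequest in Global.asax.
    public static void AttachPrincipal(HttpContext context)
    {
        HttpCookie cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || cookie.Value.Length == 0) return;

        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { return; }   // tampered or undecryptable: stay anonymous
        if (ticket == null || ticket.Expired) return;

        string[] roles = ticket.UserData.Split(
            new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        context.User = new GenericPrincipal(new FormsIdentity(ticket), roles);
    }
}
```

The login handler would add the returned cookie with Response.Cookies.Add, and Global.asax would call TicketHelper.AttachPrincipal(Context) from Application_AuthenticateRequest.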




 Copyright © ExamGuru, Inc. 2001-2006