Forms Authentication with UserData Problem

[Guest]

Hi all,
I am running ASP.NET 2.0, after login I need to pass CustomerID in my
database instead of username to other pages. I added following code to my
login.aspx

protected void Login_Authenticate(object sender, AuthenticateEventArgs e) {
//FormsAuthentication.SignOut();
if (Membership.ValidateUser(Login.UserName, Login.Password)) {
int customerID = GetCustomerIDByUsername(Login.UserName);
if (customerID > 0) {
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
Login.UserName,
DateTime.Now,
DateTime.Now.AddMinutes(60),
Login.RememberMeSet,
customerID.ToString(),
FormsAuthentication.FormsCookiePath);

// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);

// Create the cookie.
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
encTicket));

e.Authenticated = true;
} else {
e.Authenticated = false;
}
} else {
e.Authenticated = false;
}
}

Then I have another page to read this cookie, FormsIdentity identity =
Context.User.Identity as FormsIdentity; I set a break point at this line, and
find out the cookie version is "2" instead of "1" I set in login.aspx. And I
cannot read my userData from cookie, it turns to be blank.

Anybody has idea what is wrong?

Thanks!

 

[Guest]

Hi there,

Login control does the same thing internally (passing String.Empty as user
defined data), please look at the exact code which is executed internally:

private void AttemptLogin()
{
if ((this.Page == null) || this.Page.IsValid)
{
LoginCancelEventArgs args1 = new LoginCancelEventArgs();
this.OnLoggingIn(args1);
if (!args1.Cancel)
{
AuthenticateEventArgs args2 = new AuthenticateEventArgs();
this.OnAuthenticate(args2);
if (args2.Authenticated)
{
FormsAuthentication.SetAuthCookie(
this.UserNameInternal, this.RememberMeSet);
this.OnLoggedIn(EventArgs.Empty);
this.Page.Response.Redirect(
this.GetRedirectUrl(), false);
}
else
{
//...
}
}
}
}

Because you're not redirecting after setting authentication cookie, login
control creates another cookie, that overwrites created one (version 2).
Provided code does the same thing so in theory you could redirect to request
page after cookie with custom data has been set:

// amended code you provided
// Create the cookie.
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
encTicket));
Response.Redirect(this.GetRedirectUrl(), true);

Beware current thread will be aborted, so you won't receive any events
(Login1_LoggedIn, page unload). Otherwise, it is not possible to attach user
data to form authentication cookie (of course when using login control)
without unpacking the ticket in Login.LoggedIn event handler, appending the
custom data and reissuing authentication cookie.

Hope this helps