S
Sean Patterson
Hey all,
I've followed the examples online on how to use Forms Authentication to
create a ticket, assign it a role, and then intercept it in the
Global.asax file to make sure it gets sucked in to the IPrincipal. This
has worked on some other apps, but my code isn't working in my new one
for some reason. Here's my CreateCredentials code:
Private Sub CreateCredentials(ByVal UserID As String, ByVal UserRole As
String)
Dim CurrentContext As HttpContext
Dim FormsCookie As String
Dim AuthCookie As HttpCookie
Dim Ticket As System.Web.Security.FormsAuthenticationTicket
Dim AuthIdentity As System.Web.Security.FormsIdentity
Dim MinutesUntilExpiration As Double
CurrentContext = HttpContext.Current
' The session timeout limit is defined in the web.config file
MinutesUntilExpiration =
CType(ConfigurationSettings.AppSettings("WLTTimeOutMinutes"), Double)
Ticket = New System.Web.Security.FormsAuthenticationTicket(1,
UserID, DateTime.Now, _
DateTime.Now.AddMinutes(MinutesUntilExpiration), _
False,
UserRole)
' Add ticket into user's cookie list and put the ticket into the
user's HTTP Context
FormsCookie = System.Web.Security.FormsAuthentication.Encrypt(Ticket)
AuthCookie = New
HttpCookie(System.Web.Security.FormsAuthentication.FormsCookieName,
FormsCookie)
CurrentContext.Response.Cookies.Add(AuthCookie)
End Sub
Similarly, in my global.asax I have the following
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As
EventArgs)
' Fires upon attempting to authenticate the user
Dim id As System.Web.Security.FormsIdentity
Dim ticket As System.Web.Security.FormsAuthenticationTicket
' Update authentication ticket greated during login to include
the user's role in its credentials.
If Not HttpContext.Current.User Is Nothing Then
If HttpContext.Current.User.Identity.IsAuthenticated Then
If TypeOf HttpContext.Current.User.Identity Is
System.Web.Security.FormsIdentity Then
id = CType(HttpContext.Current.User.Identity,
System.Web.Security.FormsIdentity)
ticket = id.Ticket
Dim UserRole() As String = {""}
UserRole(0) = ticket.UserData
HttpContext.Current.User = New
System.Security.Principal.GenericPrincipal(id, UserRole)
End If
End If
End If
End Sub
For some reason, when I debug, I trace the script through the create
credentials striaght into the application_authentication, but the
UserData doesn't go with it. Here is my debug info:
Login Form:
?Ticket
{System.Web.Security.FormsAuthenticationTicket}
CookiePath: "/"
Expiration: #1/24/2005 4:12:16 PM#
Expired: False
IsPersistent: False
IssueDate: #1/24/2005 3:52:16 PM#
Name: "spatterson"
UserData: "USER"
Version: 1
Global.asax
{System.Web.Security.FormsAuthenticationTicket}
CookiePath: "/"
Expiration: #1/24/2005 4:22:32 PM#
Expired: False
IsPersistent: False
IssueDate: #1/24/2005 3:52:32 PM#
Name: "spatterson"
UserData: ""
Version: 1
Any help to what I'm missing? I've even cleared out my cookies in IE to
test things. Thanks in advance!
I've followed the examples online on how to use Forms Authentication to
create a ticket, assign it a role, and then intercept it in the
Global.asax file to make sure it gets sucked in to the IPrincipal. This
has worked on some other apps, but my code isn't working in my new one
for some reason. Here's my CreateCredentials code:
Private Sub CreateCredentials(ByVal UserID As String, ByVal UserRole As
String)
Dim CurrentContext As HttpContext
Dim FormsCookie As String
Dim AuthCookie As HttpCookie
Dim Ticket As System.Web.Security.FormsAuthenticationTicket
Dim AuthIdentity As System.Web.Security.FormsIdentity
Dim MinutesUntilExpiration As Double
CurrentContext = HttpContext.Current
' The session timeout limit is defined in the web.config file
MinutesUntilExpiration =
CType(ConfigurationSettings.AppSettings("WLTTimeOutMinutes"), Double)
Ticket = New System.Web.Security.FormsAuthenticationTicket(1,
UserID, DateTime.Now, _
DateTime.Now.AddMinutes(MinutesUntilExpiration), _
False,
UserRole)
' Add ticket into user's cookie list and put the ticket into the
user's HTTP Context
FormsCookie = System.Web.Security.FormsAuthentication.Encrypt(Ticket)
AuthCookie = New
HttpCookie(System.Web.Security.FormsAuthentication.FormsCookieName,
FormsCookie)
CurrentContext.Response.Cookies.Add(AuthCookie)
End Sub
Similarly, in my global.asax I have the following
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As
EventArgs)
' Fires upon attempting to authenticate the user
Dim id As System.Web.Security.FormsIdentity
Dim ticket As System.Web.Security.FormsAuthenticationTicket
' Update authentication ticket greated during login to include
the user's role in its credentials.
If Not HttpContext.Current.User Is Nothing Then
If HttpContext.Current.User.Identity.IsAuthenticated Then
If TypeOf HttpContext.Current.User.Identity Is
System.Web.Security.FormsIdentity Then
id = CType(HttpContext.Current.User.Identity,
System.Web.Security.FormsIdentity)
ticket = id.Ticket
Dim UserRole() As String = {""}
UserRole(0) = ticket.UserData
HttpContext.Current.User = New
System.Security.Principal.GenericPrincipal(id, UserRole)
End If
End If
End If
End Sub
For some reason, when I debug, I trace the script through the create
credentials striaght into the application_authentication, but the
UserData doesn't go with it. Here is my debug info:
Login Form:
?Ticket
{System.Web.Security.FormsAuthenticationTicket}
CookiePath: "/"
Expiration: #1/24/2005 4:12:16 PM#
Expired: False
IsPersistent: False
IssueDate: #1/24/2005 3:52:16 PM#
Name: "spatterson"
UserData: "USER"
Version: 1
Global.asax
{System.Web.Security.FormsAuthenticationTicket}
CookiePath: "/"
Expiration: #1/24/2005 4:22:32 PM#
Expired: False
IsPersistent: False
IssueDate: #1/24/2005 3:52:32 PM#
Name: "spatterson"
UserData: ""
Version: 1
Any help to what I'm missing? I've even cleared out my cookies in IE to
test things. Thanks in advance!