Security :: Save MyAppUser In FormsAuthenticationTicket?
Feb 19, 2010
I'm not using the Membership framework built into .NET but I'm using FormsAuthenticationTicket to make sure user is logged in. I have an object for my users in my application -- let's call it MyAppUser object. Can I save this in the FormsAuthenticationTicket as opposed to saving some string?
If I can't do that, I can save the object in session but I'm a little worried that session and FormsAuthenticationTicket will get out of synch.
View 1 Replies
Similar Messages:
Mar 13, 2010
I'm trying to dynamically create a url containing a FormsAuthenticationTicket that can then be emailed to a user who has forgotten their password. Then when the user follows the url they will be authenticated by the ticket in the url and be able to access the reset password page
I have tried creating a FormsAuthenticationTicket object and encrypting it but the string it produced seems way longer than the hash in the urls produced when using cookieless authentication.
What I want to do is produce a url say
eg. http://www.mysite.com/lkdjlkj_hashcode_lkoiojiionki/reset.aspx
that will be recongnised by cookieless authentication. But as I said the hash I come up with seems way to long and just not right at all.
you can see how long and different it is here by pressing the forgot password button..
[URL]
it says in the docs for FormsAuthenticationTicket that the encrypted ticket can be stored in a url. but I want to make it the same as those used by cookieless authentication so that it is recognised straight away.
View 3 Replies
Apr 27, 2010
I assume that any Role information is being stored in the FormsAuthenticationTicket in the UserData (delimited by some character).Second, I assume that any information in the Profile is not stored in memory / session anywhere, but when you do call the profile.VARIABLE, you are in fact doing a call to the DB (although it's simplified by the fact that it knows who you are when calling etc).Assuming the above is correct, I'm trying to complete a custom membership provider. As part of this each user will have a single role. So using a full blown role provider seems to be overkill. I assume that I can write the single role into the UserData in the FormsAuthenticationTicket myself?I would like to also store a number of other small bits of information in the ticket (such as a GroupId, VendorId which are seperate from the user / role). If I wanted to do this, and the role is held in the userdata, how would I identify what is a role and what is someother persistant data I need on the application?I could use Session items for these, but this might cause issues with the web-farm, plus the amount of data is very small (3 or 4, int32 values and maybe one string).Finally, items such as Address, PostCode, Contact Phone number all seem sensible items to place in the profile ( I'm using the table provider). Is the advantage here purely the ease of access? This isn't commonly used data, so if there is a round trip to the db thats not an issue really in this instance
View 4 Replies
Jan 19, 2010
I'm authenticating my users using the following code for the login event:
[Code]....
The following code runs in global.asax at Application_AuthenticateRequest:
[Code]....
Everything works great so far. Next thing that I need to do is add additional user information to the forms authentication ticket using user profile. When I try to add it right after the login code above, I end up getting an error message about anonymous profile. On the other hand, HttpContext.Profile is read only and doesn't seem to work. Is there any workaround for this?
View 2 Replies
Apr 30, 2010
I have a web application developed using VB .Net 2003, and is running ASP Net 1.1.
The application is running fine on all browser, except for the login/authentication control that doesn't work properly on Chrome.
We have different types of users using the website, and each user type has different menu items displayed for.
The problem is, if a user logs on with let's say Admin account, and logs off and later logs on again using student account, the user still gets the Admin menu, and of course vice versa.
I'm not sure if I'm doing something wrong, or there is something I'm missing here.
On more thing, if the timeout period reached, and the session was timed out , and the user (regardless of the type) tries to log on again, he is successful on all browser except on Chrome again!, where it keeps telling the session was timed out, and never logs on again until clearing the cookies.
This is what i have in my application web.config
<!-- Authentications -->
authentication mode="Forms">
<forms loginUrl="index.aspx" name="authCookie" protection="All" timeout="60" path="/"></forms>
</authentication>
[Code]....
View 2 Replies
Jan 7, 2010
I have a testproject and the forms timeout specified in web.config overrules the timeout which I set in FormsAuthenticationTicket. According the documentation, the timeout (expire date) in FormsAuthenticationTicket must override the timeout in web.config.
Documentation found on:
[URL]
[Code]....
Here is my code:
Web.config:
[Code]....
Login.aspc.cs:
[Code]....
Now, when I login, i get redirected after 1 minute of inactivity. This isn't supposed to happen, right? I have to be redirected after 2 minutes.
View 1 Replies
Oct 27, 2010
I am using forms authentication in asp.net application. This is working fine in internet explorer. Opening application in firefox is also fine but when i login in second instance of firefox, application in first instance logs out. Following is my code for creating ticket and cookie.
FormsAuthenticationTicket objTicket = new
FormsAuthenticationTicket(1, sUserName,
DateTime.Now,
DateTime.Now.AddMinutes(60),
false,
"");
HttpCookie objCookie = new
HttpCookie(FormsAuthentication.FormsCookieName);
objCookie.Value = FormsAuthentication.Encrypt(objTicket);
objCookie.Expires = DateTime.Now.AddHours(1);
HttpContext.Current.Response.Cookies.Add(objCookie);
View 1 Replies
Feb 13, 2010
I'm using Forms authentication in my application but I'm not using the Membership that's built into .NET.
How do I automatically send user to login page when his/her FormsAuthenticationTicket expires? I just don't want a user log in and leave a page on their computer screen long after their session has expired. I'd like to make sure that as soon as the user's
FormsAuthenticationTicket has expired, I send them to login page.
View 1 Replies
Feb 3, 2011
This is my function that is called when a login is successful. (I am very new to this FormAuthentication thing)
public static void CreateLoginCookie(User u)
{
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(u.Id.ToString(), true, 9*60);
string encryptedTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket) { Expires = DateTime.Now.AddHours(9) };[code]....
I want the user stay logged in for 9 hours, but it doesn't work. They get logged out after an hour or two.
Could someone tell me what I am missing?
View 1 Replies
Mar 23, 2010
when i read msdn.
i saw 2 things token and formsauthentication ticket..
can anybody tell me the Difference between token and FormsAuthenticationTicket ?
View 15 Replies
Nov 18, 2010
My website has a payment page from where the wesite is redirected to paypal.com and after the payment is processed will be returned to my wesite.... But problem is that " when the payent is made and redirected for the first time from any browser the AuthenticationTicket is getting expired. this is only for the first time but after that it works fine". can any help me with this issue driving me crazy.. and also i hate set the expiration time for 7 days....
View 2 Replies
Feb 22, 2010
The thing is that in my web application user login form (FormsAuthenticationTicket) and a session variable which does not expire on time together ..!
I have a login page where I make a FormsAuthenticationTicket and a session ...
My problem after a little time out my session, but my FormsAuthenticationTicket not do it ..
Can I somehow do that when my session expires varbial so FormsAuthenticationTicket also will expired ..
Here in my login page and logout:
[Code]....
View 1 Replies
Dec 20, 2010
I'm implementing an authentication timeout detection mechanism per a previous question and answer of mine here. I've implemented an HTTP module that uses the AuthenticateRequest event to run code to capture whether the authentication period has expired. The code to do this is below:
public class AuthenticationModule : IHttpModule
{
#region IHttpModule Members
void IHttpModule.Dispose() { }
void IHttpModule.Init(HttpApplication application)
[Code]....
The problem is that, once the authentication period has expired (I set it to 1 min to test), there is no longer a forms cookie (see comment in code). This means that the authentication cookie will be null, and I won't make it past the null check in my code. But there's a convenient "Expired" property for a FormsAuthenticationTicket that I feel like I should be checking to see if the period is expired. But how do I get that far if the cookie is no longer there? Is it reasonable to assume the authentication period has expired if there's no longer a forms cookie?
View 1 Replies
Sep 21, 2010
when a user logins into my site i create the following authenticate ticket:
// Create the authentication ticket
var authTicket = new FormsAuthenticationTicket(1, // Version
userName, // Username [code]...
The problem i have is that if an administrator changes a user's role or time zone then the next time they return to the site their ticket is not updated (if they selected remember me when logging in).Here's my authentication settings incase it helps:
<authentication mode="Forms">
<forms timeout="10080" slidingExpiration="true" />
</authentication>
<membership userIsOnlineTimeWindow="15" />
I've been reading up on slidingExpiration but as far as i can tell it only increases the expiration time and doesn't renew the contents of the cookie.
View 1 Replies
Feb 1, 2011
I'm am building an web application that needs to be able to scale.We want to store, an connection string, an object that says what organization the user is working on right now and the identity of the user.
We could serialize down this and send through the userdata property in the FormsAuthenticationTicket, but that feels to not be the optimal solution, cause its is 4-5 strings of data that is unncessesary, but the main issue is that we are sending an encrypted connectionstring to the user which we dosent want to.
So what are our options?Can ASP.NET Cache be our solution?, can we couple the expiration of the asp.net cache and the formsauthenticationcookie?
View 2 Replies
Dec 20, 2010
I'm trying to check the Expired property of the user's current FormsAuthenticationTicket to see if the authentication period has expired. But when the period has expired, I'm never able to get enough information to even create the ticket to check. I've tried this:
FormsIdentity id = (FormsIdentity)User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;
But User is null when the authentication period has expired. So that won't work. I've tried this:
HttpCookie authCookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
But the Forms Cookie is gone when the authentication period has expired, meaning authCookie will be null. So that doesn't work.
Is there any way to actually get the FormsAuthenticationTicket object when the authentication period has expired? There must be, because there's an "Expired" property in the object.
View 2 Replies
Aug 2, 2010
I have implemented my own custom MembershipProvider with a custom data store. No problems so far. I would like for people to login using their email instead of a username. Because I have my own data store, this is not a major issue, I can just pass the email as the username for the MembershipProvider.
My question is, how do I store additional custom user data along in the FormsAuthenticationTicket? I want to store a couple of things that will never change, such as their UserId, First/Last Name and Country. I started looking into creating FormsAuthenticationTicket with the UserData, but quickly got confused. How do I store multiple things into this UserData, and how do I easily read this data back on every single ASP.NET MVC2 page. I found many samples, none that really seemed that great in terms of MVC2. There has to be a simple way to do this.
It would make no sense to read the UserId, First/Last Name and the Country from a database on each and every request because it would never change. Plus, while I want the user to login using their email, I'd want to store their UserId in the auth cookie so that it can be used in nearly every user related database query rather than the email (because in all the tables, the user data is stored along with the UserId - not the email because technically the email could be changed - I already figured that stuff out when it comes to the MembershipProvider).
What is the best practices for storing additional user data like this in ASP.NET MVC2?
View 7 Replies
Jun 4, 2010
Using Membership. How that when you first login Save user name?
View 5 Replies
Feb 12, 2011
The roles of users are not saved. Here is what i am doing:
[Code]....
And i added this to the create user wizard:
<asp:WizardStep ID="SpecifyRolesStep" runat="server" StepType="Step"
Title="Specify Roles" AllowReturn="False">
<asp:CheckBoxList ID="RoleList" runat="server">
</asp:CheckBoxList>
</asp:WizardStep>
View 1 Replies
Sep 16, 2010
I need to know the best way to have a user click a link that will download a file that is out on the server and save it to a specific location on their computer. The file is a custom template for Microsoft Outlook signature. Thus, it has to be in a certain folder and this folder will have a different location if the user has Windows 7 vs Windows XP.
I wrote a ASP.NET page that captures the user that is logged in and use WebClient.DownloadFile to download the file. However, I am getting an access is denied error. Apparently my server doesn't have access to write to the user's folder. My questions are.
1. How do I solve this and make it so that my server can write to the user's PC?
2. Is there a better way to roll out a custom Outlook template that the entire company should use?
View 1 Replies
Nov 11, 2010
I want to save the user_email and user_password in my website Session and clear it when loggin out but i wantg to know how secure it is to store passwords?
View 3 Replies
Feb 4, 2011
I have not been able to save any profile information? All the tutorials seem straightforward but nothing works.
[Code]....
[Code]....
If I am using the default profile provider, why won't this work?
View 4 Replies
Mar 10, 2010
I'm using the ASP.NET membership framework in my ASP.NET application. I'd like to save a few extra pieces of information in the cookie so that when I need it, I don't have to go back to the database. I want to save user's email address, full name and time zone.How do I save this information in the cookie?
View 1 Replies
Mar 9, 2010
I am using ASP.NET Memberships and I have the timeout set to 100, when the user logs into the system in Internet Explorer (6 or 8) and then closes the window and tries to open it back up... It asks the user to login again. Why is that and how can I disable that?
View 3 Replies
Jan 14, 2011
I have been struggling to save custom property data into member using createuserwizard. I add some extra fields into createuserwizard using wizardsteps and What I would like to accomplish is to save extra data of that fields and see that data on admin backend of member section of umbraco cms.
What I have done so far in brief:
Created a user control using asp.net createuserwizard and save it to umbraco.
I also added a macro into usercontrol which pulls its data from dropdown list multiple render control data type which has some prevalues.
After selecting values and creating user, none of the selected values of dropdown list multiple render control data type are selected on admin backend but address are successfully saved.
Code behind file:Roles.AddUserToRole(UserName.Text, "BasicUsers");var profile = System.Web.Profile.ProfileBase.Create(UserName.Text);profile["sector"] = Sector.SelectedItem.Value;profile["address"] = Address.Text;profile.Save();
That relevant code snippet above works well like profile["address"] = Address.Text; but I am unable to save with other renders controls as Dropdown list multiple.
View 4 Replies
