.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

How can I read data from the Forms Authentication Cookie

Posted By:      Posted Date: October 27, 2010    Points: 0   Category :ASP.Net

I am using Forms Authentication to secure a site. I am using the "user defined data area" to store an account number. I am then encrypting the ticket.


string hash = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);

How can I read the "user data" in the cookie? Thanks for the help!

View Complete Post

More Related Resource Links

Forms authentication cookie persists


I have an MVC(Asp.Net 4) site that uses forms authentication and  I have users complaining that if they close the browser(or tab) the site rembers them and this is not what we want. The site is running on IIS7 and below is my web.config authentication section:

<forms loginUrl="Account/Logon

ASP.NET PageMethods - Forms Authentication Cookie Not Always Sent


Since last week I've had a really odd issue with PageMethods, the forms authentication cookie, and the back button which i've never seen before.

Essentially, I have a 'home page' which on document.ready (using jQuery), loads some data through PageMethods, and then renders a list - from which you can click through to a details page about  the item. In general use, it works fine. However, using the back button after clicking through (ie: going back to the home page), it throws a PageMethods error. The browser's 'authentication required' prompt appears, and if you click cancel, the server returns a 401. The error returned by PageMethods on the client side is 'authentication failed'.

After inspecting the request in Fiddler, the forms authentication cookie isn't sent with the request, which would explain why it is happening. My fiddler entry for the request looks like this:


The weird thing is, this happens as soon as you click the link and click back. It's not like the authentication cookie has expired or anything, and if you click cancel when the prompt appears and refresh the page, it works fine (and the cookie is sent). I just can't work out what is going on.

When it works, my Fiddler entry looks like this

Forms Authentication Cookie not showing up in Request.Cookies Collection


While migrating my ASP.NET 1.1 application to 2.0, I've noticed something very odd that I can't explain:

When a user is authenticated via forms authentication, the forms authentication cookie is visible in the application trace (both in the httpheaders and the request.cookies section).  If I view the request.cookies collection using code in the application, I see the forms authentication cookie in the collection (as well as a "control" cookie I added for comparison).

If I log out of the application, the forms authentication cookie is gone and is not viewable anywhere (as expected).

Here's what's strange: When the login session of an authenticated user expires after 5 minues, the forms authentication cookie is still present.  This is expected as it is a non-persistent cookie and should remain in memory until the browser is closed.  When viewing the trace information, I see the forms authentication cookie in both the http headers and the request.cookies collection.  However, when I view the request.cookies collection from within the application using code, it is NOT there.  (The "control" cookie is, as expected)  I even took the step of reading the cookie in through javascript, and that does in fact work.

I've gone over this for hours using many

Explained: Forms Authentication in ASP.NET

This module explains how forms authentication works in ASP.NET version 2.0. It explains how IIS and ASP.NET authentication work together, and it explains the role and operation of the FormsAuthenticationModule class.

Using Forms Authentication in ASP.NET - Part 1

Classic ASP developers often had to "roll their own" authentication scheme, however, in ASP.NET much of the grunt work has been taken out. This article outlines how things have changed and how FormsAuthentication can be used to secure a Web site with a minimal amount of code.

ASP.NET Forms Authentication - Part 1

Often, in legacy Web applications, users authenticate themselves via a Web form. This Web form submits the user's credentials to business logic that determines their authorization level. Upon successful authentication, the application then submits a ticket in the form of a cookie, albeit a hard cookie or session variable. This ticket contains anything from just a valid session identification access token to customized personalization values.

ASP.NET forms authentication with roles

.A timeout is specified in minutes. This is "time since last request" not the "time since login". If a login is indicated to be persistent (described later) this is ignored.
.A protection method is specified for the cookie.
Next I wanted to specify a folder to which access is restricted to people who have logged in. To do this I entered the following code in the web.config file (beneath

Forms Authentication in ASP.NET

In this tutorial you will learn about Forms Authentication in ASP.NET 2.0 - Forms Authentication class, Cookie Domain, Forms Cookies, The Login Control, Signin, Signout, Authenticate, Redirect, Login Status, Login Name and Login View Controls.

Problems with Forms Authentication in DD 4 site


Hello,  I am seeing a strange problem with Forms Authentication in my DD site.   A user logs into and can view/edit/delete data all day, but when they execute a Custom Filter against data (for example , a control DynamicData/Filters/CustomerLastNameSearch.ascx ) then the site auth fails, and redirects to the log in screen.

in web.config I have

     <authentication mode="Forms">
            <forms name=".Star" loginUrl="~/Login.aspx" protection="All" defaultUrl="~/Default.aspx" path="/" timeout="43200" cookieless="UseCookies" />     

Offhand, I am thinking two things : that DynamicData/Filters path requires some special handling for some reason, or the control extension ascx is causing auth to get confused.   Has anyone else experienced this or have any suggestions?  Thanks!

Using Session to pass data between forms


In my app, I am displaying an Rss Feed, I have a button that takes the user to another form where they can select a them.  Upon selecting the theme, they are taken back to the original form. 

If the user has selected which theme they want to view then they click on the button to change theme, I need to pass the information about what rss feed they were viewing through session so that once they select the theme they want they are redirected back to the main page and the rss feed they were viewing should still be displayed.

Since I've already bound the data to the xmlDataSource and DataList I am trying the following:

Session.Add("CurrentRssFeed", XmlDataSource1.DataFile);

Session.Add("CurrentDataList", DataList1);

I'm not sure I am passing the data over correctly and I'm not sure how to specify it in the page_preinit.

Any ideas???

Writing Data to database with jQuery Forms, ASMX Webservice, & JSON - help!



Can someone point me in the right direction on how to submit data from a jQuery form to a ASMX webservice? I have gotten everything on the form ready to be submitted to the database and now I am stuck on how to send it over using $.ajax(). Everything I have read tells me how to get data from a webservice and display it with jQuery, but not the other direction nor how to access the json data within the within the webservice service(similar to a Request.Form approach with ASP.NET forms).

In other words: 

1. What do I need to do to my webservice to make sure it can receive data from the jQuery form. 

2. What do I need to do in jQuery to receive an acknowledgement the save on the server side was successful. 

I can explain more if need be, but if there is a comprehensive tutorial on not only reading, but also WRITING data with jQuery, JSON, etc. I would love to get pointed in that direction. 

Forms based users being prompted for windows authentication login for My Sites photos in user lists

Here's an issue I didn't see coming for our forms based authentication users. 

We have a web application extended to an external url to handle forms based authentication for users outside of our domain. Our setup looks like this...

Internal Users/Windows Authentication - moss.domain.com
External Users/Forms Based - mossext.domain.com
My Site for Internal Users - mysites.domain.com

When our forms based users are accessing user lists, or discussion pages that display user pictures, they are getting a windows authentication login for our internal users (mysites.domain.com) who have populated their my site with personal photo.

How do we fix this? 

403 Forbidden - Forms Authentication


Form template has cascading dropdown lists.  When item selected from first list, form code executes a FileQueryConnection to retrieve data from a list to populate 2nd listbox.  Getting 403 forbidden when explicitely attempting to retrieve data from code.  Form is using connections from a data connection library.  The template works perfectly when deployed to a windows authenticated site.  Fails when executed from the forms authenticated site.


Issue with Forms Authentication


 I'm in the middle of converting an intranet application to use forms authentication. The authentication process works fine for the core application and all the nested classic asp pages. However, my nested asp.net applications do not work. I have mapped their web.configs to the correct login url. If I attempt to access them after logging in, I am automatically redirected to the homepage of the intranet application. If I try to access them directly, I am redirected to the login screen, as I should be, and then the intranet homepage after the login process, instead of the page I need to access.

At first, I thought there might be some remnant of the security processes in the nested applications, but it does it for applications that have no security processes other than the one for the core intranet.

Since this is my first crack at using forms authentication, I'm assuming I've missed some step. Any ideas?

Here is the section of my web.config:

<authentication mode="Forms">

      <forms loginUrl="~/folder/loginpage.aspx" name="Cookie Name"></forms>


      <deny users="?" />
      <allow users="*"/>

Creating a SharePoint 2010 Web Part That Can Read and Write Data to an External Data Source

Learn to use Visual Studio 2010 to create a Visual Web Part that uses a BCS external content type in SharePoint Server 2010 to read and write data to the AdventureWorks sample database.

Sample: Creating a SharePoint 2010 Web Part That Can Read and Write Data to an External Data Source

Explore the code in this visual how-to article as you learn to use Visual Studio 2010 to create a Visual Web Part that uses a BCS external content type in SharePoint Server 2010.
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend