zoukankan      html  css  js  c++  java
  • How can I manually create a authentication cookie instead of the default method?

    How can I manually create a authentication cookie instead of the default method? 

    Here you go. ASP.NET takes care of this for you when you use the higher level methods built into FormsAuthentication, but at the low level this is required to create an authentication cookie. 

    if (Membership.ValidateUser(username, password))
    {  
      // sometimes used to persist user roles
      string userData = string.Join("|",GetCustomUserRoles());
    
      FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1,                                     // ticket version
        username,                              // authenticated username
        DateTime.Now,                          // issueDate
        DateTime.Now.AddMinutes(30),           // expiryDate
        isPersistent,                          // true to persist across browser sessions
        userData,                              // can be used to store additional user data
        FormsAuthentication.FormsCookiePath);  // the path for the cookie
    
      // Encrypt the ticket using the machine key
      string encryptedTicket = FormsAuthentication.Encrypt(ticket);
    
      // Add the cookie to the request to save it
      HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
      cookie.HttpOnly = true; 
      Response.Cookies.Add(cookie);
    
      // Your redirect logic
      Response.Redirect(FormsAuthentication.GetRedirectUrl(username, isPersistent));
    }

    I'm not sure why you would want to do something custom here. If you want to change the implementation of where user data is stored and how users authenticate then it's best practice to create a custom MembershipProvider. Rolling your own solution and messing with the authentication cookie means a high probability of introducing security holes in your software.

    I don't understand your part 2. You only need to call FormsAuthentication.GetRedirectUrl if you want to return users to the page they were trying to access when they got bounced to login. If not do whatever you want here, redirect to a url stored in the configuration if you want.

    To read the FormsAuthentication cookie, normally you would hook the AuthenticateRequest event in a HttpModule or the Global.asax and set up the user IPrinciple context.

    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
        if(authCookie != null)
        {
            //Extract the forms authentication cookie
            FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    
            // If caching roles in userData field then extract
            string[] roles = authTicket.UserData.Split(new char[]{'|'});
    
            // Create the IIdentity instance
            IIdentity id = new FormsIdentity( authTicket );
    
            // Create the IPrinciple instance
            IPrincipal principal = new GenericPrincipal(id, roles);
    
            // Set the context user 
            Context.User = principal;
        }
    }
  • 相关阅读:
    POJ 1815 求最小点割(拆点+枚举割边)
    POJ 2391 floyd + 拆点构图 + 二分 + 最大流
    POJ 1966 去掉最少的点使得图不连通(最小点割)
    sgu 194 无源汇的上下界可行流
    POJ 2396 有源汇的上下界可行流(好题)
    DIV水平垂直居中
    The Struts dispatcher cannot be found
    Introduction to 3D Game Programming with Direct X 9.0c读书笔记(1)
    Chapter 5Looking Through a Filter(如何将纹理坐标变换到屏幕坐标)
    Chapter 6Blurring Things Up之Do It Twice
  • 原文地址:https://www.cnblogs.com/chucklu/p/12188903.html
Copyright © 2011-2022 走看看