Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Looking for Forms authentication cookies

Posted on 2004-10-21
10
Medium Priority
?
301 Views
Last Modified: 2012-08-13
My app uses forms authentication, i.e. it looks up the user in a database and does

    FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, False)

to show he's authenticated. I thought this generated a cookie, but I can't see one. Am I right to expect one?

0
Comment
Question by:crescendo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
10 Comments
 
LVL 28

Accepted Solution

by:
mmarinov earned 1000 total points
ID: 12368732
Hi crescendo,

the RedirectFromLoginPage does not creates the cookie ( read the text copied from MSDN )
Redirects an authenticated user back to the originally requested URL.

[Visual Basic]
Overloads Public Shared Sub RedirectFromLoginPage( _
   ByVal userName As String, _
   ByVal createPersistentCookie As Boolean _
)

[C#]
public static void RedirectFromLoginPage(
   string userName,
   bool createPersistentCookie
);

[C++]
public: static void RedirectFromLoginPage(
   String* userName,
   bool createPersistentCookie
);

[JScript]
public static function RedirectFromLoginPage(
   userName : String,
   createPersistentCookie : Boolean
);

Parameters
userName
Name of the user for cookie authentication purposes. This does not need to map to an account name and will be used by URL Authorization.
createPersistentCookie
Specifies whether or not a durable cookie (one that is saved across browser sessions) should be issued.
Remarks
The RedirectFromLoginPage method redirects to the return URL key specified in the query string. For example, in the URL http://www.contoso.com/login.aspx?ReturnUrl=caller.aspx, caller.aspx is the return URL that RedirectFromLoginPage redirects to. If the return key does not exist, RedirectFromLoginPage redirects to Default.aspx. ASP.NET automatically adds the return URL when the browser is redirected to the login page specified in the loginUrl attribute in the <forms> Element configuration directive. The method issues an authentication ticket and does a SetForms with the ticket, using the appropriately configured cookie name for the application as part of the redirect response.


BUT the creation of the cookie is made by GetAuthCookie
Creates an authentication cookie for a given user name. This does not set the cookie as part of the outgoing response, so that an application can have more control over how the cookie is issued.

[Visual Basic]
Overloads Public Shared Function GetAuthCookie( _
   ByVal userName As String, _
   ByVal createPersistentCookie As Boolean _
) As HttpCookie

[C#]
public static HttpCookie GetAuthCookie(
   string userName,
   bool createPersistentCookie
);

[C++]
public: static HttpCookie* GetAuthCookie(
   String* userName,
   bool createPersistentCookie
);

[JScript]
public static function GetAuthCookie(
   userName : String,
   createPersistentCookie : Boolean
) : HttpCookie;

Parameters
userName
Name of the authenticated user. This does not have to map to a Windows account.
createPersistentCookie
Specifies whether or not a durable cookie (a cookie that is saved across browser sessions) should be issued. Cookie path defaults to'/'.

Regards!
B..M
0
 
LVL 9

Author Comment

by:crescendo
ID: 12368773
Hi

I'm still lost. Do I need to do more than "RedirectFromLoginPage"? I'm not doing a GetAuthCookie. And what is the "appropriately configured cookie name for the application"?

Thanks, as always

Neil
0
 
LVL 28

Expert Comment

by:mmarinov
ID: 12368799
crescendo,

in your web config you have line like this
<forms name="401kApp" loginUrl="/login.aspx">
the name attribute is:
Specifies the HTTP cookie to use for authentication. By default, the value of name is .ASPXAUTH. If multiple applications are running on a single server and each application requires a unique cookie, you must configure the cookie name in each application's Web.config file.

B..M
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 28

Expert Comment

by:mmarinov
ID: 12368802
crescendo,

what is your approach of getting this cookie ?

B..M
0
 
LVL 9

Author Comment

by:crescendo
ID: 12368859
OK. Yes, I have a unique name in the <forms> tag.

In terms of "getting" this cookie, I was just looking in the Cookies folder, expecting to see it there. I have a cookie viewer which parses out the information in the cookie too.

Just to be sure, are you saying that a cookie is not automatically generated in the RedirectFromLoginPage?
0
 
LVL 9

Author Comment

by:crescendo
ID: 12368863
PS, if I sound confused, it's because I am! I've never had to dig around in this area before.
0
 
LVL 4

Expert Comment

by:vinhthuy_nguyen
ID: 12372566
hi buddy,
By default, your cookie will store on C:\Documents and Setting\Your account\Cookie. You can easily find it with the localhost@ in the beginning.
and as Mmarinov say, I think that RedirectFromLoginPage will generate cookie if you give a TRUE value in the second parameter.
If I were you, I will give the point to Mmarinov, he make it very clear about the story, buddy. :-)
Just my thinking, hope it don't sound confused too.
BTW,my curious, can you give the name of your cookie viewer software ?
0
 
LVL 9

Author Comment

by:crescendo
ID: 12374857
Guys and Gals

I'm still not sure whether I should be seeing a cookie or not.

1.  Do I need to do more than "RedirectFromLoginPage" in order to authenticate a user? Logic says no, as my existing code works and the user is not passed back to the login page again.

2.  Should I expect to see a cookie in my Cookies folder if I set the second parameter to 'False'? The documentation says it uses cookies but I can't see one unless I set the parameter to True.
0
 
LVL 4

Expert Comment

by:vinhthuy_nguyen
ID: 12379056
Hi buddy,
1. No, RedirectFromLoginPage is a function to redirect you to your expect page after you've been authenticated.
I think "If  FormsAuthentication.Authenticate(txtUser.Text, txtPassword.Text)  = true "  is the method to authenticate a user.
2. With the RedirectFromLoginPage, only when you set to TRUE , cookie will be created on your machine.
But if the parameter is False, a session Cookie will be issued and store on server memory and will expire when you close the browser.
Hope this help you.





0
 
LVL 9

Author Comment

by:crescendo
ID: 12379167
<<I think "If  FormsAuthentication.Authenticate(txtUser.Text, txtPassword.Text)  = true "  is the method to authenticate a user.>>

There is a distinction between "authenticating" a user, and telling the system that the user is authenticated.

I'm authenticating the user myself, against a database, so I just need to tell the system that the user is OK. RedirectFromLoginPage does this for me, as well as returning the user to the expected page.

"FormsAuthentication.Authenticate" does the actual authentication, but only if you use one of the standard ASP.NET methods, such as keeping user names and passwords in a file.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
User art_snob (http://www.experts-exchange.com/M_6114203.html) encountered strange behavior of Android Web browser on his Mobile Web site. It took a while to find the true cause. It happens so, that the Android Web browser (at least up to OS ver. 2.…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question