Link to home
Start Free TrialLog in
Avatar of crescendo
crescendo

asked on

Looking for Forms authentication cookies

My app uses forms authentication, i.e. it looks up the user in a database and does

    FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, False)

to show he's authenticated. I thought this generated a cookie, but I can't see one. Am I right to expect one?

ASKER CERTIFIED SOLUTION
Avatar of mmarinov
mmarinov

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of crescendo
crescendo

ASKER

Hi

I'm still lost. Do I need to do more than "RedirectFromLoginPage"? I'm not doing a GetAuthCookie. And what is the "appropriately configured cookie name for the application"?

Thanks, as always

Neil
crescendo,

in your web config you have line like this
<forms name="401kApp" loginUrl="/login.aspx">
the name attribute is:
Specifies the HTTP cookie to use for authentication. By default, the value of name is .ASPXAUTH. If multiple applications are running on a single server and each application requires a unique cookie, you must configure the cookie name in each application's Web.config file.

B..M
crescendo,

what is your approach of getting this cookie ?

B..M
OK. Yes, I have a unique name in the <forms> tag.

In terms of "getting" this cookie, I was just looking in the Cookies folder, expecting to see it there. I have a cookie viewer which parses out the information in the cookie too.

Just to be sure, are you saying that a cookie is not automatically generated in the RedirectFromLoginPage?
PS, if I sound confused, it's because I am! I've never had to dig around in this area before.
hi buddy,
By default, your cookie will store on C:\Documents and Setting\Your account\Cookie. You can easily find it with the localhost@ in the beginning.
and as Mmarinov say, I think that RedirectFromLoginPage will generate cookie if you give a TRUE value in the second parameter.
If I were you, I will give the point to Mmarinov, he make it very clear about the story, buddy. :-)
Just my thinking, hope it don't sound confused too.
BTW,my curious, can you give the name of your cookie viewer software ?
Guys and Gals

I'm still not sure whether I should be seeing a cookie or not.

1.  Do I need to do more than "RedirectFromLoginPage" in order to authenticate a user? Logic says no, as my existing code works and the user is not passed back to the login page again.

2.  Should I expect to see a cookie in my Cookies folder if I set the second parameter to 'False'? The documentation says it uses cookies but I can't see one unless I set the parameter to True.
Hi buddy,
1. No, RedirectFromLoginPage is a function to redirect you to your expect page after you've been authenticated.
I think "If  FormsAuthentication.Authenticate(txtUser.Text, txtPassword.Text)  = true "  is the method to authenticate a user.
2. With the RedirectFromLoginPage, only when you set to TRUE , cookie will be created on your machine.
But if the parameter is False, a session Cookie will be issued and store on server memory and will expire when you close the browser.
Hope this help you.





<<I think "If  FormsAuthentication.Authenticate(txtUser.Text, txtPassword.Text)  = true "  is the method to authenticate a user.>>

There is a distinction between "authenticating" a user, and telling the system that the user is authenticated.

I'm authenticating the user myself, against a database, so I just need to tell the system that the user is OK. RedirectFromLoginPage does this for me, as well as returning the user to the expected page.

"FormsAuthentication.Authenticate" does the actual authentication, but only if you use one of the standard ASP.NET methods, such as keeping user names and passwords in a file.