I am using Forms authentication for my web site. My login page gets the user's login and password.
I look it up in a database, and if everything is OK, then I go ahead and create an authentication
ticket and put it into the cookie (see CODE A below). I then transfer to the main page for the site.
The main page does the Page_Load event code (see CODE B below). If I put a breakpoint at the end of
it and use the Debug window to see what the User.Identity.Name is, and see if the User.IsInRole() is
set, I find that both of them are empty. So it seems like I am failing to get this information into
the ticket (which then populates the IPrincipal info).
So what am I doing wrong? I do know that I got the data out of the database OK, because I stuff
some of it into session variables and it is there (Session("FName"), for example). It just isn't getting
into the httpContext.Current.User object.
(One more bit of information. If I where to hit Shift+F5 and end the session,
and then hit F5 to restart it, then everything will be OK. However, if I logout, then I am back to
my broken state.)
CODE A --- CODE A --- CODE A --- CODE A
Dim cookie As HttpCookie
Dim strHash As String
Dim strTransferTo As String = "Users/SiteNav.aspx"
'Create a new forms authentication ticket used with the user's information
'version = 1
'name = login name (tbLogin.Text)
'issueDate = Now
'Expiration Date = Now + Session timeout minutes
'IsPersistent = TRUE
'userData = user's roles in a comma-delimited list
'cookiepath - not used. MCD is cookieless
Dim ticket As New FormsAuthenticationTicket(
UserInfo.RoleNames) ', _
'Encrypt the ticket and put it into the cookie
strHash = FormsAuthentication.Encryp
cookie = New HttpCookie(FormsAuthentica
'Set the cookie's expiration time to the ticket's expiration time
If ticket.IsPersistent Then
cookie.Expires = ticket.Expiration
'Add the cookie to the list for outgoing response
END CODE A --- END CODE A --- END CODE A --- END CODE A
CODE B --- CODE B --- CODE B --- CODE B --- CODE B
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
'Session Variables Available: EID, Login, LoginID, FName, LName
'Reset the session timeout
If Not Page.IsPostBack Then
Timeout * 60) + 10) & "; url=http://www.mychurchdata.com/Login.aspx
'Set Login Name
lblLogin.Text = " " + Session("FName") + " " + Session("LName") + " is logged in."
'If no current user, then return to default page.
If Session("Login") = "" Then
'Set menu visibility
pnlMainMenu.Visible = True
or") = True Then pnlAdminMenu.Visible = True 'SET BREAKPOINT HERE
END CODE B --- END CODE B --- END CODE B --- END CODE B --- END CODE B