[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 244
  • Last Modified:

Login and FormsAuthentication

Can someone explain to me in very lay terms what each line of this code is actually doing (including all the comma-seperated variables).  I'm using it in my login and it works, but I'd actually like to know what is going on.

FormsAuthentication.Initialize()
                                       Dim isPersistent As Boolean = True
                    Dim ticket As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, strUserName.Text, DateTime.Now, DateTime.Now.AddHours(1), isPersistent, strUserName.Text, FormsAuthentication.FormsCookiePath)
                    Dim hash As String = FormsAuthentication.Encrypt(ticket)
                    Dim cookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, hash)
                    FormsAuthentication.RedirectFromLoginPage("default.aspx", False)

Thanks
0
davidcahan
Asked:
davidcahan
2 Solutions
 
Bob LearnedCommented:
1) FormAuthenticationTicket:

http://windowssdk.msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref25/html/T_System_Web_Security_FormsAuthenticationTicket.asp

Provides access to properties and values of the ticket used with forms authentication to identify users

Constructor (New) that you are using:

http://windowssdk.msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref25/html/C_System_Web_Security_FormsAuthenticationTicket_ctor_4_ad8d5ecc.asp

Public Sub New ( _
      version As Integer, _
      name As String, _
      issueDate As DateTime, _
      expiration As DateTime, _
      isPersistent As Boolean, _
      userData As String _
)

Parameters
version
The version number of the ticket.

name
The user name associated with the ticket.

issueDate
The local date and time at which the ticket was issued.

expiration
The local date and time at which the ticket expires.

isPersistent
true if the ticket will be stored in a persistent cookie (saved across browser sessions); otherwise, false. If the ticket is stored in the URL, this value is ignored.

userData
The user-specific data to be stored with the ticket.


2) FormsAuthentication.Encrypt:

http://windowssdk.msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref25/html/M_System_Web_Security_FormsAuthentication_Encrypt_1_d1c11468.asp

Creates a string containing an encrypted forms-authentication ticket suitable for use in an HTTP cookie.

  3)  This line creates a cookie from the encrypted hash from step #2

       Dim cookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, hash)

   It allows you to store the authentication already performed.

4) FormsAuthentication.RedirectFromLoginPage("default.aspx", False)

   Redirects to the main starting page (default.aspx)

Bob
     
0
 
Sammy AgeilCommented:
1 is the version, strUsername.text is  the username being authenticated, datetime is the cookie expiration slider adding an hour, presistent to remember the user the last is the path where cookie is store
hash is to encrypt the password
cookie = the cookie created
redirect up on successful login

take a look here
http://authors.aspalliance.com/aspxtreme/sys/web/security/FormsAuthenticationTicketClassctor2.aspx


HTH
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now