• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 257
  • Last Modified:

Login and FormsAuthentication

Can someone explain to me in very lay terms what each line of this code is actually doing (including all the comma-seperated variables).  I'm using it in my login and it works, but I'd actually like to know what is going on.

FormsAuthentication.Initialize()
                                       Dim isPersistent As Boolean = True
                    Dim ticket As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, strUserName.Text, DateTime.Now, DateTime.Now.AddHours(1), isPersistent, strUserName.Text, FormsAuthentication.FormsCookiePath)
                    Dim hash As String = FormsAuthentication.Encrypt(ticket)
                    Dim cookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, hash)
                    FormsAuthentication.RedirectFromLoginPage("default.aspx", False)

Thanks
0
davidcahan
Asked:
davidcahan
2 Solutions
 
Bob LearnedCommented:
1) FormAuthenticationTicket:

http://windowssdk.msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref25/html/T_System_Web_Security_FormsAuthenticationTicket.asp

Provides access to properties and values of the ticket used with forms authentication to identify users

Constructor (New) that you are using:

http://windowssdk.msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref25/html/C_System_Web_Security_FormsAuthenticationTicket_ctor_4_ad8d5ecc.asp

Public Sub New ( _
      version As Integer, _
      name As String, _
      issueDate As DateTime, _
      expiration As DateTime, _
      isPersistent As Boolean, _
      userData As String _
)

Parameters
version
The version number of the ticket.

name
The user name associated with the ticket.

issueDate
The local date and time at which the ticket was issued.

expiration
The local date and time at which the ticket expires.

isPersistent
true if the ticket will be stored in a persistent cookie (saved across browser sessions); otherwise, false. If the ticket is stored in the URL, this value is ignored.

userData
The user-specific data to be stored with the ticket.


2) FormsAuthentication.Encrypt:

http://windowssdk.msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref25/html/M_System_Web_Security_FormsAuthentication_Encrypt_1_d1c11468.asp

Creates a string containing an encrypted forms-authentication ticket suitable for use in an HTTP cookie.

  3)  This line creates a cookie from the encrypted hash from step #2

       Dim cookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, hash)

   It allows you to store the authentication already performed.

4) FormsAuthentication.RedirectFromLoginPage("default.aspx", False)

   Redirects to the main starting page (default.aspx)

Bob
     
0
 
SammyCommented:
1 is the version, strUsername.text is  the username being authenticated, datetime is the cookie expiration slider adding an hour, presistent to remember the user the last is the path where cookie is store
hash is to encrypt the password
cookie = the cookie created
redirect up on successful login

take a look here
http://authors.aspalliance.com/aspxtreme/sys/web/security/FormsAuthenticationTicketClassctor2.aspx


HTH
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now