Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 991
  • Last Modified:

Adding additional information for a Forms Authentication Ticket

How do I add and retrieve additional information to/from a forms authentication ticket?  This is my ticket:

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                1,                                                      // Ticket version
                txtUsername.Text,                              // Username associated with the ticket
                DateTime.Now,                                    // Date/time issued
                DateTime.Now.AddMinutes(120),            // Date/time to expire
                true,                                                // "true" for a persistent user cookie
                roles,
                FormsAuthentication.FormsCookiePath);

I need to be able to add the UserID (integer) and officeID (also an integer) and retrieve these values.

How is this possible?
0
stankstank
Asked:
stankstank
  • 7
  • 4
1 Solution
 
eyal_mtCommented:
Use the constructor described here:

http://msdn2.microsoft.com/en-us/kybcs83h.aspx

And pass whatever information you need as the user data - of course you'll have to pass it as a string, but it shouldn't be a problem to parse to integers in and out of the string.

0
 
stankstankAuthor Commented:
Thanks for the link - I am still not clear on how to retrieve values.  Can you give any type of example?

-Stank
0
 
stankstankAuthor Commented:
No, really.  Can you give an example?  I cant figure it out.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
stankstankAuthor Commented:
All information that I come across tells me that the userData portion of the FormsAuthentication ticket is for storing roles.  I want to store things like the UserID and the OfficeID of the user.  How can I do this?  PLEASE give me an example.  HELP!

0
 
raterusCommented:
First link in Google searching for "FormsAuthenticationTicket"
http://msdn2.microsoft.com/en-us/library/system.web.security.formsauthenticationticket.aspx
0
 
stankstankAuthor Commented:
The first link in Google when searching for "FormsAuthenticationTicket" does not help me.  I have seen this page hundreds of times, and everyone refers me to it.

I currently store a list of roles in the user data portion of the ticket, but I need to also store a userID and OfficeID associated with the user, as well as a few other things.  I do not want to have a seperate cookie, either.  I can not find an example of how to do this.

All I need is an actual example of a cookie with roles and a few custom fields in the userdata field.  THen, how to retrieve that data - other than saying if(User.IsInRole("role"))

stank
0
 
raterusCommented:
Why do you have to store this in the cookie anyway?  Could you just use the Session?
0
 
stankstankAuthor Commented:
Not for the userID and OfficeID.  Well, possibly for the OfficeID - but I have to store the UserID inside of it.  Maybe there is some other part of the cookie that will simply hold a userID?  The reason is, if the session object gets dropped, I can't find the userID.  I would find the officeID by querying the db for the userid.
0
 
raterusCommented:
So you are trying to develop a strategy, that if the session expires, but forms authentication doesn't, you can revive the session using data from the ticket?

Wouldn't it be easier to set a slidingExpiration on both, and when they expire, they just have to login again?
0
 
stankstankAuthor Commented:
I could do that, but I don't like the idea of having my users' sessions expire at random times based on the server load.  I am trying to use as few session objects as possible.  Have you stored userID's as session objects before?  How did it work out?  I would really like to have a good idea of what I am looking at before i put something like this on a live system.

Stank
0
 
raterusCommented:
I do mostly windows intranet applications, so even if a session expired, I'll always have their username.

Forms authentication is a bit different.  Are you using asp.net 2.0?  You could use the profile for something like this.  It never expires, and you don't have to mess with cookies, forms authentication tickets, and the like.
0
 
stankstankAuthor Commented:
Ok, I will look into it.  I sure hate to waste so much available userdata space, though.  THe max I will ever use with roles is about 30 byes, and I have 1200 available. :(
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 7
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now