Custom IIdentity and IPrincipal using FormsAuthenticationTicket cookie in MVC2
<p>I am currently trying to implement some custom security in an ASP.NET MVC2 web application.</p>
<p>I am trying to do something really simple, as my code below shows, but for some reason if I use the <code>[Authorize(Roles="Admins")]</code> attribute on one of my controller actions, or check <code>Context.User.IsInRole("Admins")</code> or <code>Page.User.IsInRole("Admins")</code>, it is always false.</p>
<p>It is also weird that <code>User.Identity.Name</code> is blank.</p>
<p>See my code below. I am using a FormsAuthenticationTicket within a cookie, which I then use in the <code>Application_AuthenticateRequest</code> event handler within my Global.asax to set Context.User with a <code>GenericPrincipal</code> object.</p>
<p>My login code:</p>
<pre><code>using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

[AcceptVerbs(HttpVerbs.Post)]
public ActionResult Login(string username, string password)
{
    // this would obviously do a check against the supplied username and password
    if (true)
    {
        // roles are carried in the ticket's UserData, "|"-separated
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, username, DateTime.Now, DateTime.Now.AddMinutes(15), false, "Admins|Users|Members");
        string encTicket = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
        this.Response.Cookies.Add(cookie);

        string url = FormsAuthentication.GetRedirectUrl(username, false);
        return Redirect(url);
    }
    return View();
}
</code></pre>
<p>My Global.asax code:</p>
<pre><code>using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

void MvcApplication_AuthenticateRequest(object sender, EventArgs e)
{
    HttpApplication application = (HttpApplication)sender;
    HttpContext context = application.Context;

    var cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
    if (cookie != null)
    {
        // Get the authentication ticket
        // and rebuild the principal &amp; identity
        FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(cookie.Value);
        string[] roles = authTicket.UserData.Split(new Char[] { '|' });

        GenericIdentity userIdentity = new GenericIdentity(authTicket.Name);
        GenericPrincipal userPrincipal = new GenericPrincipal(userIdentity, roles);
        context.User = userPrincipal;
    }
}
</code></pre>
<p>Once I set context.User above I can view it in the watch window and the object is set perfectly, in the correct roles with the right name etc. However, if I try to lock down controller actions or use the Principal from anywhere in my site, it is always set to an empty string with no roles assigned!!</p>
<p>I'm guessing I'm doing something really stupid here, but if someone could point this out I would really appreciate it.</p>
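The two steps described in the question (issuing the ticket cookie at login and rebuilding the principal on each request), as an added example that is not the poster's code. It assumes the conventional `Application_AuthenticateRequest` name that ASP.NET binds automatically from Global.asax, a class named `MvcApplication`, and a hypothetical helper class `AuthCookies`; it adds the checks a practitioner would want around the poster's version: rejecting undecryptable or expired tickets, marking the cookie HttpOnly, and setting the thread principal alongside `Context.User`.

```csharp
using System;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Security;

public static class AuthCookies // hypothetical helper, not part of the question
{
    // Login side: same ticket layout as the question ("|"-joined roles in UserData), cookie HttpOnly.
    public static HttpCookie Build(string username, string[] roles)
    {
        var ticket = new FormsAuthenticationTicket(1, username, DateTime.Now,
            DateTime.Now.AddMinutes(15), false, string.Join("|", roles),
            FormsAuthentication.FormsCookiePath);
        return new HttpCookie(FormsAuthentication.FormsCookieName,
                              FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                        // not readable from script
            Secure = FormsAuthentication.RequireSSL, // stays off plain HTTP when configured
            Path = FormsAuthentication.FormsCookiePath
        };
    }

    // Request side: decrypt, reject tampered or expired tickets, rebuild the principal; null = anonymous.
    public static IPrincipal PrincipalFromCookie(HttpCookie cookie)
    {
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { return null; } // garbage, tampered, or encrypted under another machineKey
        if (ticket == null || ticket.Expired) return null;
        string[] roles = ticket.UserData.Split(new[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
        return new GenericPrincipal(new GenericIdentity(ticket.Name, "Forms"), roles);
    }
}

public class MvcApplication : HttpApplication
{
    // "Application_<Event>" is the method name ASP.NET wires automatically from Global.asax.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        IPrincipal principal = AuthCookies.PrincipalFromCookie(Request.Cookies[FormsAuthentication.FormsCookieName]);
        if (principal == null) return;
        // [Authorize] and User.IsInRole read Context.User; code off the request object reads the thread principal.
        Context.User = principal;
        Thread.CurrentPrincipal = principal;
        // Caveat: with <roleManager enabled="true">, RoleManagerModule replaces Context.User with a
        // RolePrincipal in PostAuthenticateRequest, so the roles set here would then have to come from the role provider.
    }
}
```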