tags:

views:

240

answers:

1
Q: 

How do you get AnonymousID from cookie ASPXANONYMOUS?

If I have a look at my cookievalue .ASPXANONYMOUS it is a string ie

WZnX-rXHygEkAAAAOTFhZjE5YTctZmEzZi00MTMwLWEwNTAtYjYwMzI0N2M0NTY4gQUsRlThiJWAjBgmBnpeIba7eGo1

The value Request.AnonymousID is a Guid.

How do you get from ASPXANONYMOUS to AnonymousID ?

I need this to debug some issues I have with FormsAuthentication.

+2  A: 

Yes, an anonymous id is a GUID. The cookie string is an encrypted value containing the id and other data:

[Serializable]
internal class AnonymousIdData
{
    internal string AnonymousId;
    internal DateTime ExpireDate;

    internal AnonymousIdData(string id, DateTime dt);
}

By default, anonymous cookies are valid for 90 days and are refreshed every visit.

You can treat Request.AnonymousID as the request username when Request.IsAuthenticated==false.

see AnonymousIdentificationModule

UPDATE: In response to a comment, yes, you can decode the value, but why?

string aId = Request.AnonymousID;

string anonCookieValue = Request.Cookies[".ASPXANONYMOUS"].Value;
MethodInfo method = typeof(AnonymousIdentificationModule).GetMethod("GetDecodedValue", BindingFlags.Static | BindingFlags.NonPublic);
object anonymousIdData = method.Invoke(null, new object[] { anonCookieValue });
var field = anonymousIdData.GetType().GetField("AnonymousId", BindingFlags.Instance | BindingFlags.NonPublic);
string anonymousId = (string) field.GetValue(anonymousIdData);
field = anonymousIdData.GetType().GetField("ExpireDate", BindingFlags.Instance | BindingFlags.NonPublic);
DateTime expired = (DateTime) field.GetValue(anonymousIdData);

// why? just use Request.AnonymousID    
Debug.Assert(aId == anonymousId);
Sky Sanders  2010-03-19 23:13:13
Can you decrypt the cookie string?
Malcolm Frexner  2010-03-19 23:15:47
Yes, see update. but why?
Sky Sanders  2010-03-19 23:39:32
Valid question. I guess because I want to totally mess up my application :-)But the real nswer is this problem I have: http://stackoverflow.com/questions/2448720/different-users-get-the-same-cookie-value-in-aspxanonymous
Malcolm Frexner  2010-03-21 17:42:37

related questions

What's the best way to implement field validation using ASP.NET MVC?
How do I handle page flow in MVC (particularly asp.net)
Entity diagrams in ASP.NET MVC
How do I get rid of Home in ASP.Net MVC?
Can I generate ASP.NET MVC routes from a Sitemap?
ASP.NET Model-view-controller (MVC) - where do I start from?
user controls and asp.net mvc
ASP.Net MVC route mapping
RSS Feeds in ASP.NET MVC
Open Source Licensing Options for ASP.NET MVC Application?
Does the OutputCacheFilter in the Microsoft MVC Preview 4 actually save on action invocations?
MVC Learning Resources
Validating posted form data in the ASP.NET MVC framework
Best mock framework that can do both WebForms and MVC?
Use the routing engine for form submissions in ASP.NET MVC Preview 4
How do you get a custom id to render using HtmlHelper in MVC
MVC Preview 4 - No route in the route table matches the supplied values.
Is there a way to include a fragment identifier when using Asp.Net MVC ActionLink, RedirectToAction, etc. ?
In ASP.NET MVC I encounter an incorrect type error when rendering a user control with the correct typed object
ASP.NET MVC - Is it worth it yet?
Multiple languages in an ASP.NET MVC application?
Is it better to create Model classes, or just stick with generic database utility class?
ASP.NET MVC Without Visual Studio
ASP.NET MVC "CRUD" Database Sample
How to RedirectToAction in ASP.NET MVC without losing request data