tags:

views:

139

answers:

3
Q: 

How to check ASP.NET Forms Authentication Status Using Only JavaScript?

The reason i need to do this is because of Facebook Connect - which is another story, so i'll save you the drama for that. =)

Anyway, i have this function that runs on window.onload:

function userAuth() {
   SomeFunctionWhichGetsFacebookCookes();
   if (!loggedInUsingFormsAuth && loggedInViaFacebook) {
     window.location.reload(); // refresh page, so i can perform auto-login
   }
}

So, i need help in getting the flag "loggedInUsingFormsAuth".

I dont care what is in the cookie, just need to know if the current user is authenticated.

Why am i doing this?

Well, on window load, if the user is logged into Facebook but not on my website (according to the Forms Authentication cookie), i want to reload the page - which allows my ASP.NET website to read the Facebook cookies in the HttpContext and log the user in. I need to do this in JavaScript, because i dont have the Facebook cookies until i call "SomeFunctionWhichGetsFacebookCookies" - which can only be done in JavaScript.

So, how can i work out if the current user is authenticated via JavaScript? Do i have to manually traverse through the cookies, find the one i want, and inspect it? Is this a safe thing to do?

Or should i alternatively write out the flag to the client from the server using RegisterClientScript?

A: 

A better way to do it than you have described inn your comment is to create a simple web service that you call to retrieve the value.

Ben Robinson  2010-07-20 07:48:49
Then ill need an extra call to the server, which i dont want. I render out the javascript on Page_PreRender, now im just rendering it with the value from the server.
RPM1984  2010-07-20 10:14:12
A call to the server is real time, checking a javascript variable will tell you the user is logged in when in fact their session has expired.
Ben Robinson  2010-07-20 10:42:30
In theory, you're correct - but in fact im registering the javascript on page load, then checking the cookie immediately in the same javascript- in other words, in real time (page loads, check auth, set auth in javascript, javascript runs immediately and checks auth). Anyway thanks for the answer.
RPM1984  2010-07-20 11:58:49
A: 

As i am registering the JavaScript via the server on every page load, i decided to set the HttpContext.Current.Request.IsAuthenticated property into the JavaScript itself.

In other words i had some JavaScript defined in the C# itself:

public class SomeClassWhichHasAccessToHttpContext
{
   private const string MyScript = "var foo='{0}'";

   public static string GetMyScript()
   {
      return string.Format(MyScript, HttpContext.Current.Request.IsAuthenticated);
   }
}

Then on the HTML for my main master page:

<%= SomeClassWhichHasAcccessToHttpContext.GetMyScript() =>

Normally i would not opt for a solution like this, i would normally call an asynchronous web service (as Ben's answer's mentions). But the fact is that this property and JavaScript is evaluated on a page-request basis, so the evaluation of this property will never be stale for each given HTTP Request.

RPM1984  2010-07-21 05:44:37
A: 

You could add the following to your web.config file.

<system.web.extensions>
     <scripting>
    <webServices>
         <!-- Allows for ajax.net user authentication -->
         <authenticationService enabled="true" requireSSL="false" />
    </webServices>
     </scripting>
</system.web.extensions>

and then you are able to find out via javascript if you are authenticated like so.

function isAuth() {
    var result = Sys.Services.AuthenticationService.get_isLoggedIn();
    return result;
}
Chad  2010-07-28 03:56:24
Interesting, but its still doing a call to the server behind the scenes.
RPM1984  2010-07-28 04:04:38

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps