tags:

views:

459

answers:

4
+1  Q: 

user is authenticated but Ticket.UserData is missing

I have the following code:

if (HttpContext.Current.Request.IsAuthenticated == false)
{
    // this isn't reached so i know user is Authenticated
    return;
}
FormsIdentity fIdentity = HttpContext.Current.User.Identity as FormsIdentity;
string[] delimitedUserData = fIdentity.Ticket.UserData.Split('|');
// but at this point delimitedUserData.Length is 0

Any ideas on what would cause the authentication ticket to be valid yet the UserData is gone?

My program usually works just fine and all the UserData is readily accessible. But every once in awhile I get into this state where the UserData is not there.

A: 

The ticket is stored in a cookie. What happens in your code when you access a page just after the cookie has expired?

Also note that User.Identity.IsAuthenticated returns true out of the box, so that property is perhaps not the best thing to test on?

Thomas Eyde  2009-02-22 18:06:45
A: 

By itself, FormsAuthentication doesn't put anything into your UserData. It'd be worth putting a breakpoint near where you handle ticket creation (and the creation of your UserData) and tracing through the path it takes.

As your bug is intermittent, it'll probably be hard to force it to trigger. A place to start could be tracing through how it handles the cookie expiring, or when a cookie is invalid.

If you're using Firefox, I recommend using the "Add N Edit Cookies" plugin: https://addons.mozilla.org/en-US/firefox/addon/573

teedyay  2009-02-22 18:15:34
A: 

Hi

Not sure if this is the best approach as I'm still fairly new to asp.net, but the way that I do this on the login is to set a session value that I can check in later pages - that way, if the cookie is missing, I should not be able to get the value back so I can transfer to the login page.

So, directly after the login (in the _LoggedIn event), I do:

        // write ClientID to the session
        Session.Add("ClientID", lClientID);

then on the load of each page behind the login, I do:

if (User.Identity.IsAuthenticated == false || Convert.ToInt32(Session["ClientID"]) == 0)
    {
        Server.Transfer("Login.aspx");
    }

So far, it's worked pretty well for me.

Nils  2009-02-23 12:56:13
A: 

i am searching for the same issue and find the problem that, i used "FormsAuthentication.RedirectFromLoginPage" to add cookie. i changed into "response.cookies.add". and its working.

 2009-08-18 05:39:35

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?