Is the value of Identity.Name accessable at client side?

  • Thread starter Thread starter Arjen
  • Start date Start date
A

Arjen

I wonder if the value of Identity.Name is visible (any way) at the client
side?

So, it is safe to use the userID as cookie name?

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
user.Id.ToString(), DateTime.Now, DateTime.Now.AddMinutes(30), false, "",
FormsAuthentication.FormsCookiePath);

System.Web.HttpContext.Current.Response.Cookies.Add(new
HttpCookie(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(ticket)));
Thanks!
 
I wonder if the value of Identity.Name is visible (any way) at the client
side?

So, it is safe to use the userID as cookie name?

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
user.Id.ToString(), DateTime.Now, DateTime.Now.AddMinutes(30), false, "",
FormsAuthentication.FormsCookiePath);

System.Web.HttpContext.Current.Response.Cookies.Add(new
HttpCookie(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(ticket)));
Thanks!
Click to expand...

In your example, user.Id.ToString() is not a cookie name, it's a user
name associated with the FormsAuthenticationTicket. Cookie name is set
by the FormsCookieName property value from the Web.config file. Sure,
you can set any other name there, but it depends on what you are
doing. In your example, cookies used to keep authentication ticket and
automatically log the user in. If you will specify a name other than
in the web.config the login will not work.
 
Back
Top