Is the value of Identity.Name accessable at client side?

A

Arjen

I wonder if the value of Identity.Name is visible (any way) at the client
side?

So, it is safe to use the userID as cookie name?

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
user.Id.ToString(), DateTime.Now, DateTime.Now.AddMinutes(30), false, "",
FormsAuthentication.FormsCookiePath);

System.Web.HttpContext.Current.Response.Cookies.Add(new
HttpCookie(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(ticket)));
Thanks!
 
A

Alexey Smirnov

I wonder if the value of Identity.Name is visible (any way) at the client
side?

So, it is safe to use the userID as cookie name?

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
user.Id.ToString(), DateTime.Now, DateTime.Now.AddMinutes(30), false, "",
FormsAuthentication.FormsCookiePath);

System.Web.HttpContext.Current.Response.Cookies.Add(new
HttpCookie(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(ticket)));
Thanks!
Click to expand...

In your example, user.Id.ToString() is not a cookie name, it's a user
name associated with the FormsAuthenticationTicket. Cookie name is set
by the FormsCookieName property value from the Web.config file. Sure,
you can set any other name there, but it depends on what you are
doing. In your example, cookies used to keep authentication ticket and
automatically log the user in. If you will specify a name other than
in the web.config the login will not work.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

FormsAuthentication.SignOut() not working when manually creatinga ticket? 3
Hash Passwords 1
Thread was being aborted 6
cookie lost when browing with Windows Explorer 1
Login Securiuty 1
Authorization cookie not valid for subdomains ? 2
forms authentication woes 3
DateTime.Now 1

Top