piggy-back on Forms Authentication cookie?

[Paul W]

Using Forms Authentication, I'd like to 'piggy-back' a small piece of
information onto the authentication cookie.

I tried the following, but this seems to invalidate the cookie, so
IsAuthenticated becomes false:


System.Web.Security.FormsAuthentication.SetAuthCookie(Username, False)

Dim secCookie As HttpCookie

secCookie = HttpContext.Current.Response.Cookies("Tenni") ' "Tenni" is
the name of the auth cookie

secCookie("F") = myFacilityID.ToString '<<<piggy-back info

Any ideas out there? Thanks,

Paul.

 

[Scott Allen]

Hi Paul:

you can piggyback data in the cookie, but since the forms auth cookie
is encrypted and hashed to prevent tampering it takes some extra work.
I believe this document will help you out:
http://www.pluralsight.com/articlecontent/efficientRoleBasedAuthentication.pdf

 

[Guest]

Looking at what you are aiming to do, I see no reason you should place this
in the forms auth cookie. I can, however, understand, the thought process.

Authentication coookies are encrypted, so you cannot simply add a field to
them. If you desire additional information in this particular cookie, rather
than persisting by user ID on the server (a better idea), your best bet is to
add the information via a custom provider.

The main question is whether or not the 2.0 Framework (waiting for this
summer?) is an option, as the entire concept of membership is abstracted for
you in 2.0. It is not necessarily a fix to the way you want to do things, but
should solve your issue. To retro 1.x with the necessary info (except storing
additional info on your server) is a bit of a pain. Just my two cents.

---

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************

 

[Paul W]

Remarkable find! Exactly what I was looking for. It even uses the phrase "
Piggybacking data with FormsAuthenticationTicket"

Thanks,



Paul.