Problem with FormsAuthentication

  • Thread starter Thread starter David
  • Start date Start date
D

David

Hi all,

I am having a slight issue with FormsAuthentication.

I need to authenticate a user and while the page is still being processed,
need to work with that authenticated user. I have set up a test page as
follows...

private void Page_Load(object sender, System.EventArgs e)
{
// Put user code to initialize the page here
Label1.Text = User.Identity.IsAuthenticated.ToString();
}

private void Button1_Click(object sender, System.EventArgs e)
{
FormsAuthentication.SetAuthCookie("David", false);
Label2.Text = User.Identity.Name;
Label3.Text = "Sign In Button Clicked";
}

private void Button2_Click(object sender, System.EventArgs e)
{
FormsAuthentication.SignOut();
Label2.Text = User.Identity.Name;
Label3.Text = "Sign Out Button Clicked";
}

When I click button1, I need label2.text to show "David", however, it does
not do this until I refresh the page (I can even click the sign out button,
then it will show "David" but only once.)

If I click button2, I expect it to sign me out, but as demonstrated, it
doesn't sign out straight away.

How else can I do this, without setting up a boolean property? I have done
some searching. The results suggest that when I SetAuthCookie or SignOut,
then I am logged in (or out, as the case may be).

Thanks.

Best regards,
Dave Colliver.
http://www.AshfieldFOCUS.com
~~
http://www.FOCUSPortals.com - Local franchises available
 
David said:
private void Button1_Click(object sender, System.EventArgs e)
{
FormsAuthentication.SetAuthCookie("David", false);
Label2.Text = User.Identity.Name;
Label3.Text = "Sign In Button Clicked";
}
Click to expand...


Why not:

private void Button1_Click(object sender, System.EventArgs e)
{
FormsAuthentication.SetAuthCookie("David", false);
Label2.Text = "David";
Label3.Text = "Sign In Button Clicked";
}

As in, you already have everything you need to know about the user when
you authorize him. Why would you want to look anything back up?

To answer your question though, take a look at the name of the method
you're calling: SetAuthCookie(). You are setting a cookie, which will
be sent along with the HTTPHeaders to the browser, and be returned to
you at the next request from that browser. At that point you'll be
able to read it. Before that, it's not part of the Cookies collection,
and thus not parsed by the ASP.NET helper functions that drop its value
back into User.Identity for you.

Hope this helps.


Jason Kester
Expat Software Consulting Services
http://www.expatsoftware.com/
 
jasonkester said:
Why not:

private void Button1_Click(object sender, System.EventArgs e)
{
FormsAuthentication.SetAuthCookie("David", false);
Label2.Text = "David";
Label3.Text = "Sign In Button Clicked";
}

As in, you already have everything you need to know about the user when
you authorize him. Why would you want to look anything back up?

To answer your question though, take a look at the name of the method
you're calling: SetAuthCookie(). You are setting a cookie, which will
be sent along with the HTTPHeaders to the browser, and be returned to
you at the next request from that browser. At that point you'll be
able to read it. Before that, it's not part of the Cookies collection,
and thus not parsed by the ASP.NET helper functions that drop its value
back into User.Identity for you.

Hope this helps.


Jason Kester
Expat Software Consulting Services
http://www.expatsoftware.com/
Click to expand...

Hi,

The example I posted was just a test to demonstrate what happens.

I know that SetAuthCookie sends a cookie down to the browser so that other
pages can read it later. What I was thinking was that it might also set a
flag somewhere in .NET whilst the page is running, showing me that the user
is Authenticated. Something like setting the Context properties, such as
User.Identity.IsAuthenticated = true and User.Identity.Name = "David".
Obviously not, so, I need to check the page later to see if the user is
Authenticated whilst the page is still running. How can I do this?

As an added information... the FormsAuthentication is done in a user
control. In the parent page, I am also checking if the
User.Identity.IsAuthenticated is set. As the two Identity values are only
gets, I need an alternative way to set them other than a round trip from the
browser.

Best regards,
Dave Colliver.
http://www.AshfieldFOCUS.com
~~
http://www.FOCUSPortals.com - Local franchises available
 
Back
Top