FormsAuthentication.SetAuthCookie in Generic Handler ashx

Question

I have an Generic Handler where I would like to auto-login based on some querystrings.

But then I set FormsAuthentication.SetAuthCookie(user.Name, false), but HttpContext.Current.User.Identity.IsAuthenticated return false, and I can't redirect because of the limits set in web.config.

So how do I set FormsAuthentications in an .ashx-file?

Do you want to use that ashx as way to login? – csg Apr 03 '13 at 06:20 — csg, Apr 03 '13 at 06:20

score 1 · Answer 1 · answered Apr 04 '13 at 06:43

To perform a login using the FormsAuthentication module, you may want to just use the RedirectFromLoginPage static method, which, under the covers:

prepares the authentication token;
encrypts it;
adds it to the cookie collection of the response;
performs the redirect to the required page (or the default one, as per your web.config).

Here is a short prototype for your handler:

public void ProcessRequest(HttpContext context)
{
    // TODO: Determine the user identity

    var username = context.Request.QueryString["username"];

    FormsAuthentication.RedirectFromLoginPage(username, true);
}

If you are not comfortable by the way this method performs its job, you may do each activity in a manual way:

prepare a FormsAuthenticationTicket with the user name;
encrypt it by way of the Encrypt method;
add it to the response Cookies;
issue a redirect.

score 0 · Answer 2 · answered Apr 04 '13 at 15:26

Have you tried adding it as a location path in the web.config?

<configuration>
   <location path="foo.ashx">
      <system.web>
         <authorization>
            <allow users="*"/>
         </authorization>
      </system.web>
   </location>
   <location >
      <system.web>
         <authorization>
            <allow users="?"/>
         </authorization>
      </system.web>
   </location>
</configuration>

FormsAuthentication.SetAuthCookie in Generic Handler ashx

2 Answers2