Stack Overflow
Stack Overflow

Questions tagged [formsauthenticationticket]

54 questions
15
votes
1 answer

OWIN Self-Host CookieAuthentication & Legacy .NET 4.0 Application / FormsAuthenticationTicket

I have two bounded contexts: ASP.NET 4.0 MVC/WebForms Application OWIN Self-Hosted w/ ASP.NET Web API 2 The former is an existing well-established product, however, its lack of architecture (SmartUI) has led to an difficult-to-maintain codebase…
Daniel
  • 1,843
  • 2
  • 18
  • 27
14
votes
1 answer

FormsAuthenticationTicket.expiration v web.config value timeout

This is an MVC2 website, I am having a problem with a FormsAuthentication ticket. A user timeouts after 30 minutes cannot re-login. During testing, the DateTime.Now.AddMinutes(30) value was set to 5000 and everything was ok, but it has now changed…
Don
  • 426
  • 1
  • 4
  • 9
13
votes
1 answer

What's the use for FormsAuthenticationTicket.Version property?

As I was going through creating my authentication mechanism in an application when I stumbled upon the FormsAuthenticationTicket.Version property. The docs do not exemplify any use case and I found no reference for it's use anywhere else. Did…
tucaz
  • 6,524
  • 6
  • 37
  • 60
12
votes
1 answer

Maximum Length of FormsAuthenticationTicket.UserData Property

I am implementing a Custom Identity class for an ASP.Net 4.0 site with Forms Authentication based on this tutorial: Forms Authentication Configuration and Advanced Topics I would like to store extra user information (First/Last Name, Gender,…
Greg
  • 8,574
  • 21
  • 67
  • 109
9
votes
2 answers

Is Forms Authentication Ticket safe enough?

When a user logs in based on default Forms Authentication method, the server creates a cookie containing encrypted data (using Machine Key as key for encryption). It means that if someone find/guess/access Machine Key for the server, he will be…
Amir Pournasserian
  • 1,600
  • 5
  • 22
  • 46
9
votes
1 answer

FormsAuthentication.SetAuthCookie vs FormsAuthentication.Encrypt

Question #1: Is setAuthCookie any less safe than FormsAuthentication.Encrypt(ticketVariable)? I mean if anyone tries to modify the cookie created by setAuthCookie, by modifying the username, I suppose that'll violate the authentication on subsequent…
DotNet98
  • 727
  • 3
  • 12
  • 24
6
votes
1 answer

Can a FormsAuthenticationTicket survive an app pool recycle?

I am looking for a solution where we can make a FormsAuthenticationTicket (and corresponding cookie) with a very long expiration period. This is possible by setting a high value or using a sliding expiration, but when the application pool of the…
Gerrie Schenck
  • 22,148
  • 20
  • 68
  • 95
5
votes
0 answers

Sharing Owin Cookie Authentication and legacy Forms Authentication cookie based

In our company, we have a large base of application built with Asp.net Web Forms 4.0 that use forms authentication as a single-sign-on authentication. Configured something like this:
Adriano Teixeira de Souza
  • 61
  • 1
5
votes
2 answers

Check authentication ticket expiration without affecting it

I am trying to implement a Web Application Project where my web pages can check the server for the Authentication ticket expiration date/time using AJAX. I am using Forms Authentication with slidingExpiration. The problem I run across is I can't…
Francis C
  • 51
  • 4
3
votes
1 answer

Authenticate MembershipUser without password?

Is it possible to authenticate a MembershipUser without a password. I have gues user accounts and whihc have temporary passwords, however i do not required these users to actually login. I want to automatically authenticate them back on their…
Nugs
  • 5,503
  • 7
  • 36
  • 57
3
votes
2 answers

Prevent a page or handler from updating the FormsAuthentication ticket

I have several apps on a single domain that share the formsauthentication ticket for single sing-on. We also have javascript on each page that will warn the user 2 minutes prior to his session expiration and allow him to logout or extend his…
Jason Butera
  • 2,376
  • 3
  • 29
  • 46
3
votes
2 answers

Roles authentication is not working in asp.net

I am using the code below to access a page base based upon user authentication if (user.FirstOrDefault() == HashedPassword) { string roles = "Member"; // Create the authentication ticket FormsAuthenticationTicket authTicket = new …
Mervin
  • 725
  • 2
  • 16
  • 37
3
votes
2 answers

right way to have role based custom auth query database on every request asp.net mvc

This may be a slightly ignorant question but Im new to mvc so Im sorry! I studied the nerd dinner auth model but In my app I have a complicated role based authentication. So What I do is this: void MvcApplication_PostAuthenticateRequest(object…
gideon
  • 19,329
  • 11
  • 72
  • 113
2
votes
1 answer

Re-Initialize context.User after FormsAuthenticationTicket timeout

In our application we have implemented role-based forms authentication. This has been handled using a RoleModule, where we save the Role data in cookie, and each time we read the data from the cookie and instantiate the IPrincipal object. This code…
vpuri
  • 39
  • 1
  • 10
2
votes
1 answer

MVC 3 Cookies not working

I am using forms authentication for an MVC website and I am having a problem adding Cookies, I am using an Encrypted Forms Authentication Ticket and adding it to the Cookies but when inspecting my cookies it is there (by name "AuthCookie") but the…
Andy Clark
  • 3,363
  • 7
  • 27
  • 42
1
2 3 4