How to get a newly authenticated user?

I work with MVC 3, and I just implemented a wrapper for FormsAuthenticationService.

Something similar to the following.

    public void SignIn(string username, bool createPersistantCookie)
    {
        if (string.IsNullOrEmpty(username))
            throw new ArgumentException("Value Cannot be null or empty", "username");

        FormsAuthentication.SetAuthCookie(username, createPersistantCookie);
    }

Reluctantly, I got this to work, but now I'm not quite sure how to get the information I saved.

Once a user logs into my system, how can I now safely get this information if I need to retrieve my UserID from the database?

+1
2 answers

Based on the additional information, you want to save additional data using the FormsAuthentication ticket. To do this, you first need to create a custom FormsAuthentication ticket:

Data storage

Take the current HttpContext (without worrying about testability)

 var httpContext = HttpContext.Current; 

Determine when the ticket expires:

    var expires = isPersistent
        ? DateTime.Now.Add(FormsAuthentication.Timeout)
        : NoPersistenceExpiryDate; // NoPersistenceExpiryDate = DateTime.MinValue

Create a new FormsAuthentication ticket to save your user data.

    var authenticationTicket = new FormsAuthenticationTicket(
        1,
        username,
        DateTime.Now,
        DateTime.Now.Add(FormsAuthentication.Timeout),
        isPersistent,
        "My Custom Data String"); // Limit to about 1200 bytes max

Create your HTTP cookie

    // Assign the cookie to a variable so it can be added to the response below
    var cookie = new HttpCookie(
        FormsAuthentication.FormsCookieName,
        FormsAuthentication.Encrypt(authenticationTicket))
    {
        Path = FormsAuthentication.FormsCookiePath,
        Domain = FormsAuthentication.CookieDomain,
        Secure = FormsAuthentication.RequireSSL,
        Expires = expires,
        HttpOnly = true
    };

And finally, add it to the response

 httpContext.Response.Cookies.Add(cookie); 

Data retrieval

Then you can get the data on subsequent requests by parsing the stored authentication ticket...

Grab the current HttpContext again

 var httpContext = HttpContext.Current;

Check if the request has been authenticated (call to Application_AuthenticateRequest or OnAuthorize)

 if (!httpContext.Request.IsAuthenticated) return false; 

Check if you have a ticket for FormsAuthentication and that it has not expired:

    var formsCookie = httpContext.Request.Cookies[FormsAuthentication.FormsCookieName];
    if (formsCookie == null)
        return false;

Get a FormsAuthentication Ticket:

    var authenticationTicket = FormsAuthentication.Decrypt(formsCookie.Value);
    if (authenticationTicket.Expired)
        return false;

And finally, extract your data:

 var data = authenticationTicket.UserData; 
+4
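
The storage and retrieval steps from the answer above, combined into one helper that carries the database user ID in the ticket's UserData. This is an added example, not part of the original answer: `AuthTicketHelper`, `SignIn` and `TryGetUserId` are hypothetical names, `userId` is assumed to be an integer key looked up at login, and the application is assumed not to replace the principal in `Application_AuthenticateRequest`.

```csharp
using System;
using System.Globalization;
using System.Web;
using System.Web.Security;

// Added example. AuthTicketHelper and its methods are hypothetical names;
// userId is assumed to be the integer key read from the database at login.
public static class AuthTicketHelper
{
    public static void SignIn(HttpContextBase context, string username, int userId, bool isPersistent)
    {
        if (string.IsNullOrEmpty(username))
            throw new ArgumentException("Value cannot be null or empty", "username");

        var now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1, username, now, now.Add(FormsAuthentication.Timeout), isPersistent,
            userId.ToString(CultureInfo.InvariantCulture),   // UserData
            FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            Path = FormsAuthentication.FormsCookiePath,
            Domain = FormsAuthentication.CookieDomain,
            Secure = FormsAuthentication.RequireSSL,
            HttpOnly = true
        };
        // Only a persistent cookie gets an expiry; otherwise it stays a session cookie.
        if (isPersistent) cookie.Expires = ticket.Expiration;

        context.Response.Cookies.Add(cookie);
    }

    public static bool TryGetUserId(HttpContextBase context, out int userId)
    {
        userId = 0;
        // FormsAuthenticationModule has already decrypted and validated the cookie
        // by this point, so read its ticket instead of decrypting the cookie again.
        var identity = context.User == null ? null : context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated || identity.Ticket.Expired)
            return false;

        return int.TryParse(identity.Ticket.UserData, NumberStyles.Integer,
                            CultureInfo.InvariantCulture, out userId);
    }
}
```

From an MVC controller, pass the controller's own `HttpContext` property as the `context` argument.
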

In fact, you did not save the user ID in the database. All the code you wrote stores the authentication cookie on the user's computer, either as a session cookie (non-permanent) or as a permanent one.

When your page refreshes, it will automatically receive the cookie, decrypt it and populate the IPrincipal object, which you can access from the User.Current property of your controller.

+1