0

I am doing forms authentication as follows:

                if (strRole != null)
            {
                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                   1,                            // version
                   username,                      // user name
                   DateTime.Now,                 // create time
                   DateTime.Now.AddSeconds(500),  // expire time
                   false,                        // persistent
                   strRole);                     // user data

                string strEncryptedTicket = FormsAuthentication.Encrypt(ticket);
                HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, strEncryptedTicket);
                Context.Response.Cookies.Add(cookie);
                return true;
            }

then on another page i have jQuery as follows

$.ajax({
    type: "POST",
    crossOrigin: true,
    url: "./WebService.asmx/Login",
    data: JSON.stringify({'username':username,'password':password}),
    contentType: "application/json; charset=utf-8",
    dataType: "json",
    success: function (response) {
        if (response.d === true) {
            $(location).attr('href', '/dash/dashboard.aspx')
        }
        else {
            ShowErrorModal("Invalid login or password.","login");
        }
    }
});

the issue is in the on_load event of dashboard.aspx page, the following is always false

HttpContext.Current.User.Identity.IsAuthenticated

the question is what does it consider user is not authenticated.

any help will be much appreciated.

Improve this question
5
  • It seems almost ok. Did you debug and see the username/password get passed properly? Commented Dec 13, 2016 at 5:55
  • yes, i have inspected the "cookie" variable and there is data within. Commented Dec 13, 2016 at 5:59
  • Ajax looks fine. I guess, the issue is with the C# code. What's the strRole for and does it get the value? Commented Dec 13, 2016 at 6:05
  • strRole is the users role, which is custom and i add it. i havent reached the point where i can access it because it leads me to believe that user is not authenticated. Commented Dec 13, 2016 at 6:09
  • Ah! Great. Good to know that. What have you done in that file? Commented Dec 13, 2016 at 6:17

1 Answer 1

Reset to default
1

Adding the following solved in global.asax.cs the problem

    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        string cookieName = FormsAuthentication.FormsCookieName;
        HttpCookie authCookie = Context.Request.Cookies[cookieName];

        if (authCookie == null)
        {
            return;
        }
        FormsAuthenticationTicket authTicket = null;
        try
        {
            authTicket = FormsAuthentication.Decrypt(authCookie.Value);
        }
        catch
        {
            return;
        }
        if (authTicket == null)
        {
            return;
        }
        string[] roles = authTicket.UserData.Split(new char[] { '|' });
        FormsIdentity id = new FormsIdentity(authTicket);
        GenericPrincipal principal = new GenericPrincipal(id, roles);

        Context.User = principal;
    }

Taken from https://stackoverflow.com/a/8490241/1144596

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.