ASP.NET MVC 3 using Authentication

by

Save the UserID in the UserData property of the FormsAuthentication ticket in the authorization cookie when the user logs on:

string userData = userID.ToString();

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, user.Email,
    DateTime.Now, DateTime.Now.AddMinutes(FormsAuthentication.Timeout.TotalMinutes),
    createPersistentCookie, userData);
string hashedTicket = FormsAuthentication.Encrypt(ticket);

HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashedTicket);
HttpContext.Current.Response.Cookies.Add(cookie);

You can read it back in the PostAuthenticateRequest method in Global.asax:

HttpCookie formsCookie = Request.Cookies[FormsAuthentication.FormsCookieName];

if (formsCookie != null)
{
    FormsAuthenticationTicket auth = FormsAuthentication.Decrypt(formsCookie.Value);

    Guid userID = new Guid(auth.UserData);

    var principal = new CustomPrincipal(Roles.Provider.Name, new GenericIdentity(auth.Name), userID);

    Context.User = Thread.CurrentPrincipal = principal;
}

Note that in this case, CustomPrincipal derives from RolePrincipal (although if you’re not using Roles, I think you need to derive from GenericPrincipal), and simply adds the UserID property and overloads the constructor.

Now, wherever you need the UserID in your app, you can do this:

if(HttpContext.Current.Request.IsAuthenticated)
    Guid userID = ((CustomPrincipal)HttpContext.Current.User).UserID;

More Related Contents:

  1. Google OAuth 2 authorization – Error: redirect_uri_mismatch
  2. What’s the difference between OpenID and OAuth?
  3. Single Sign On across multiple domains [closed]
  4. How can I extend ServiceStack Authentication
  5. Socket.IO Authentication
  6. Why is there an “Authorization Code” flow in OAuth2 when “Implicit” flow works so well?
  7. Forgot Password: what is the best method of implementing a forgot password function?
  8. How to use UrlFetchApp with credentials? Google Scripts
  9. how to implement login auth in node.js
  10. What is the purpose of a “Refresh Token”?
  11. What if JWT is stolen?
  12. Kafka SASL zookeeper authentication
  13. How to get a JWT?
  14. What are the main differences between JWT and OAuth authentication?
  15. CSRF Token necessary when using Stateless(= Sessionless) Authentication?
  16. What is the Authorized Javascript Origin for a webapp powered by Google Script?
  17. IIS7: Setup Integrated Windows Authentication like in IIS6
  18. OWIN – Authentication.SignOut() doesn’t seem to remove the cookie
  19. How to use Windows Active Directory Authentication and Identity Based Claims?
  20. In Subversion can I be a user other than my login name?
  21. Microservice Authentication strategy
  22. Single sign-on flow using JWT for cross domain authentication
  23. Where can I find a list of OpenID Provider URLs? [closed]
  24. How to use Github Personal Access Token in Jenkins
  25. Customize Authentication – Login Symfony2 Messages
  26. How to use Client Certificate Authentication in iOS App
  27. Multiple IdentityServer Federation : Error Unable to unprotect the message.State
  28. Trouble getting ClaimsPrincipal populated when using EasyAuth to authenticate against AAD on Azure App Service in a Asp.Net Core web app
  29. How does OpenID authentication work?
  30. Web API 2, OWIN Authentication, SignOut doesn’t logout

Leave a Comment