Home/ Questions/Q 8792877
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T23:02:42+00:00

I am calling a service, and I need to pass the user’s permanent security

  • 0

I am calling a service, and I need to pass the user’s permanent security token with every request I make.

In order to do that, I’ve added this method to my base controller class: 

protected UserData getUsr()
{
        try
        {
            UserData usr = new UserData();
            usr.SecurityToken = Session["secToken"].ToString();

            MembershipUser mvcUser = Membership.GetUser(HttpContext.User.Identity.Name);
            usr.Id = (int)mvcUser.ProviderUserKey;

            return usr;
        }
        catch (Exception ex)
        {
            log.Debug("Could not create usr object", ex);
            throw new Exception("Could not authenticate");
        }
    }

This issue here is that sometimes the User.Identity data out-lasts the session data, causing weird bugs to happen with the user seeing they are logged in but then their requests failing.

Is there a better way to store this token/can I store it in such a way that it will expire whenever the User.Identity object expires?

Also, if anyone knows of some good basic understanding examples/documentation for HttpContext and MVC authorize filters that would be great.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I would go for storing the security token of the user in the forms authentication cookie itself. The FormsAuthenticationTicket class contains an UserData property where you can include your additional information.

    The value specified in the UserData property is included as part of
    the authentication ticket cookie and, like the other ticket fields, is
    encrypted and validated based on the forms authentication system’s
    configuration.

    Here is an article that described how you can store additional information to the forms authentication cookie.

    This is a big article that explains much about storing additional data into the forms auth. cookie and how you could read it. The code is written in VB and not well formatted. You have to scroll down to the Step 4: Storing Additional User Data in the Ticket.

    This thread will give you a quick answer how you could read the UserData from the cookie.

    I would go for creating a custom ValueProvider like the one described here that will read the security token from the auth. cookie and feed to the action parameters.

    • 0