Home/ Questions/Q 6611263
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T19:56:53+00:00

I am working with MVC 3 and I have just implemented a wrapper for

  • 0

I am working with MVC 3 and I have just implemented a wrapper for the FormsAuthenticationService.

Something similar to the following.

public void SignIn(string username, bool createPersistantCookie)
{
    if (string.IsNullOrEmpty(username)) 
        throw new ArgumentException("Value Cannot be null or empty", "username");

    FormsAuthentication.SetAuthCookie(username, createPersistantCookie);
}

Reluctantly, I have gotten this to work, but now I am not quite sure how to get the information that I have stored.

Once the user is in my system, how can I now safely retrieve this information if I need to grab their UserID out of the database?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Based on the additional information provided, you want to store additional data with the FormsAuthentication ticket. To do so, you need first create a custom FormsAuthentication ticket:

    Storing Data

    Grab the current HttpContext (not worrying about testability)

    var httpContext = HttpContext.Current;

    Determine when the ticket should expire:

    var expires = isPersistent 
                ? DateTime.Now.Add(FormsAuthentication.Timeout) 
                : NoPersistenceExpiryDate; // NoPersistenceExpiryDate = DateTime.MinValue

    Create a new FormsAuthentication ticket to hold your custom data.

    var authenticationTicket = new FormsAuthenticationTicket(
                             1, 
                             username, 
                             DateTime.Now, 
                             DateTime.Now.Add(FormsAuthentication.Timeout), 
                             isPersistent, 
                             "My Custom Data String"); //Limit to about 1200 bytes max

    Create your HTTP cookie

    new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authenticationTicket))
  {
    Path = FormsAuthentication.FormsCookiePath,
    Domain = FormsAuthentication.CookieDomain,
    Secure = FormsAuthentication.RequireSSL,
    Expires = expires,
    HttpOnly = true
  };

    And finally add to the response

    httpContext.Response.Cookies.Add(cookie);

    Retrieving Data

    Then you can retrieve your data on subsequent requests by parsing the stored authentication ticket…

    Again, grab current HttpContext

    var httpContext = HttpContext.Current

    Check to see if the request has been authenticated (call in Application_AuthenticateRequest or OnAuthorize)

    if (!httpContext.Request.IsAuthenticated)
    return false;

    Check to see if you have a FormsAuthentication ticket available and that it has not expired:

    var formsCookie = httpContext.Request.Cookies[FormsAuthentication.FormsCookieName];
if (formsCookie == null)
  return false;

    Retrieve the FormsAuthentication ticket:

    var authenticationTicket = FormsAuthentication.Decrypt(formsCookie.Value);
if (authenticationTicket.Expired)
  return false;

    And finally retrieve your data:

    var data = authenticationTicket.UserData;
    • 0