Home/ Questions/Q 7926435
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-03T18:46:16+00:00

I have a wcf webhttp service which uses forms authentication to authenticate users. This

  • 0

I have a wcf webhttp service which uses forms authentication to authenticate users. This works fine if the ticket comes in the cookie collection or in the url.

But now I want to send the string of the forms auth ticket in a custom http header and change the forms auth module to check for that header instead of the cookie.

I think it should be easy to extend forms auth to achive this, but could not find any resources of how to. Can you point me in the right direction ?

here’s how my authentication flow would work,

  1. A client calls the authenticate method with the username and pwd
  2. Service returns the encrypted ticket string
  3. Client send the received ticket string in a http header with every subsequent request
  4. Service checks for auth header and validates the auth ticket
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    FormAuthentication module is not extendible, but you could write your own authentication.
    It is very simple:

    Authentication(2):

    
var formsTicket = new FormsAuthenticationTicket(
    1, login, DateTime.Now, DateTime.Now.AddYears(1), persistent, String.Empty);
var encryptedFormsTicket = FormsAuthentication.Encrypt(formsTicket);
//return encryptedFormsTicket string to client

    Service call with attached ticket(4):

    
var ticket = FormsAuthentication.Decrypt(encryptedFormsTicket)
//extract authentication info from ticket: ticket.Name
    • 0