Home/ Questions/Q 8697973
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T01:38:29+00:00

i have two methodes : one for registering new user AddNewUser(MemberRegisterModel mm) , and

  • 0

i have two methodes : one for registering new user AddNewUser(MemberRegisterModel mm) , and another for creating cookie for him CreateCookie(MemberLoginModel member).
i want to use this cookie that has been created after registering to show username top of all page until he log off.

i traced my code and saw cookie was created.
i use this code in HeaderPartial.cshtml to give username from cookie.

<div id="top">
@if (HttpContext.Current.Response.Cookies[FormsAuthentication.FormsCookieName] != null)
  {
    HttpCookie cookie =
    HttpContext.Current.Request.Cookies.Get(FormsAuthentication.FormsCookieName);
    var formAuthTicket = FormsAuthentication.Decrypt(cookie.Value);
    string CookieValue = formAuthTicket.UserData.ToString();
    <text> welcome <b> @Html.Label(CookieValue)</b>! 
    [@Html.ActionLink("Log off", "logout", "Members", new { area = "Members" }, null)]
    </text>
}
else
{
 <text>Welcome Guest!</text>
    @:[ @Html.ActionLink("Log in", "Login", "Members", new { area = "Members" }, null)]

}

but it doesn’t work and shows error on this line:

    var formAuthTicket = FormsAuthentication.Decrypt(cookie.Value);

error:

Invalid value for ‘encryptedTicket’ parameter.

what should i do?
i want to show username top of all page, and all username’s db values in personal page of him.
and he will be log on and surf all page until he sign out.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you write the authentication cookie using FormsAuthentication, you do not need to decrypt and read the raw cookie value. You can just use @User.Identity.Name in your views.

    public ActionResult AddNewUser(MemberRegisterModel mm)
{
    ...
    FormsAuthentication.SetAuthCookie(mm.UserName, true || false);
    ...
    return Redirect("Index", "Home");
}


Hello, and welcome, <strong>@User.Identity.Name</strong>

    This is what SetAuthCookie looks like internally:

    public static void SetAuthCookie(string userName, bool createPersistentCookie)
{
    FormsAuthentication.Initialize();
    FormsAuthentication.SetAuthCookie(userName, createPersistentCookie, 
        FormsAuthentication.FormsCookiePath);
}

public static void SetAuthCookie(string userName, bool createPersistentCookie, 
  string strCookiePath)
{
  FormsAuthentication.Initialize();
  HttpContext current = HttpContext.Current;
  if (!current.Request.IsSecureConnection && FormsAuthentication.RequireSSL)
    throw new HttpException(System.Web.SR.GetString("Connection_not_secure_creating_secure_cookie"));
  bool flag = CookielessHelperClass.UseCookieless(current, false, FormsAuthentication.CookieMode);
  HttpCookie authCookie = FormsAuthentication.GetAuthCookie(userName, createPersistentCookie, flag ? "/" : strCookiePath, !flag);
  if (!flag)
  {
    HttpContext.Current.Response.Cookies.Add(authCookie);
    current.CookielessHelper.SetCookieValue('F', (string) null);
  }
  else
    current.CookielessHelper.SetCookieValue('F', authCookie.Value);
}

private static HttpCookie GetAuthCookie(string userName, bool createPersistentCookie, string strCookiePath, bool hexEncodedTicket)
{
  FormsAuthentication.Initialize();
  if (userName == null)
    userName = string.Empty;
  if (strCookiePath == null || strCookiePath.Length < 1)
    strCookiePath = FormsAuthentication.FormsCookiePath;
  DateTime utcNow = DateTime.UtcNow;
  DateTime expirationUtc = utcNow.AddMinutes((double) FormsAuthentication._Timeout);
  FormsAuthenticationTicket ticket = FormsAuthenticationTicket.FromUtc(2, userName, utcNow, expirationUtc, createPersistentCookie, string.Empty, strCookiePath);
  string str = FormsAuthentication.Encrypt(ticket, hexEncodedTicket);
  if (str == null || str.Length < 1)
    throw new HttpException(System.Web.SR.GetString("Unable_to_encrypt_cookie_ticket"));
  HttpCookie httpCookie = new HttpCookie(FormsAuthentication.FormsCookieName, str);
  httpCookie.HttpOnly = true;
  httpCookie.Path = strCookiePath;
  httpCookie.Secure = FormsAuthentication._RequireSSL;
  if (FormsAuthentication._CookieDomain != null)
    httpCookie.Domain = FormsAuthentication._CookieDomain;
  if (ticket.IsPersistent)
    httpCookie.Expires = ticket.Expiration;
  return httpCookie;
}

    Notice that it does in fact create a forms authentication ticket and encrypts the cookie,

    • 0