Home/ Questions/Q 7742249
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T09:13:52+00:00

Im trying to make my own FormsAuthentication in an ASP.NET MVC 4 application and

  • 0

Im trying to make my own FormsAuthentication in an ASP.NET MVC 4 application and I have seen two different ways of creating my authcookie and I was wondering if one of them is having any disadvantages or if it is safe to use them both and are there any other differences I should know about before I decide witch to use?

the first one is

FormsAuthentication.SetAuthCookie(userName, rememberMe);

the other one is a bit longer

            var authTicket = new FormsAuthenticationTicket(
            1,
            userName,
            DateTime.Now,
            DateTime.Now.AddMinutes(30),
            rememberMe,
            "Users"
            );
        var encryptedTicket = FormsAuthentication.Encrypt(authTicket);

        var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
        HttpContext.Current.Response.Cookies.Add(authCookie);

please enlighten me about this decision

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Actually, the first method calls the second method. I have taken the source of the SetAuthCookie to show this, but removed some lines to keep it relevant:

    public static void SetAuthCookie(string userName, bool createPersistentCookie)
{
    FormsAuthentication.Initialize();
    FormsAuthentication.SetAuthCookie(userName, createPersistentCookie, FormsAuthentication.FormsCookiePath);
}

public static void SetAuthCookie(string userName, bool createPersistentCookie, string strCookiePath)
{
    (...)
    HttpCookie authCookie = FormsAuthentication.GetAuthCookie(userName, createPersistentCookie, flag ? "/" : strCookiePath, !flag);
    (...)
    HttpContext.Current.Response.Cookies.Add(authCookie);
    (...)
}

private static HttpCookie GetAuthCookie(string userName, bool createPersistentCookie, string strCookiePath, bool hexEncodedTicket)
{
    (...)
    DateTime utcNow = DateTime.UtcNow;
    DateTime expirationUtc = utcNow.AddMinutes((double) FormsAuthentication._Timeout);
    FormsAuthenticationTicket ticket = FormsAuthenticationTicket.FromUtc(2, userName, utcNow, expirationUtc, createPersistentCookie, string.Empty, strCookiePath);
    string str = FormsAuthentication.Encrypt(ticket, hexEncodedTicket);
    (...)
    HttpCookie httpCookie = new HttpCookie(FormsAuthentication.FormsCookieName, str);
    (...)
    return httpCookie;
}
    • 0