1
votes

Using FormsAuthentication, I am creating a FormsAuthenticationTicket, encrypting, adding this to a cookie using Response.Cookies.Add(authCookie). I then do a redirect using Response.Redirect to the original page that was requested. There is code in the Global.asax in the Application_AuthenticateRequest method that looks to retrieve the cookie - HttpCookie authCookie = Context.Request.Cookies[cookieName]. For some reason, however, when it hits the Global.asax code after the redirect is called, there are no cookies in the collection. At this point, I am a bit stumped as to why it is losing the cookie from the collection. Any thoughts as to why this would happen? Right now, I am just working within localhost.

Login Page Code:

    string adPath = "LDAP://ldapserveraddress";

    LdapAuthentication adAuth = new LdapAuthentication(adPath);
    try
    {
        if (true == adAuth.IsAuthenticated("ES", txtUsername.Text, txtPassword.Text))
        {
            string groups = adAuth.GetGroups();


            //Create the ticket, and add the groups.
            bool isCookiePersistent = chkPersist.Checked;
            FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,
                      txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(60), isCookiePersistent, groups);

            //Encrypt the ticket.
            string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

            //Create a cookie, and then add the encrypted ticket to the cookie as data.
            HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

            if (true == isCookiePersistent)
                authCookie.Expires = authTicket.Expiration;

            //Add the cookie to the outgoing cookies collection.
            Response.Cookies.Add(authCookie);

            string redirect = FormsAuthentication.GetRedirectUrl(txtUsername.Text, false);
            //You can redirect now.
            Response.Redirect(redirect,false);
        }
        else
        {
            errorLabel.Text = "Authentication did not succeed. Check user name and password.";
        }
    }
    catch (Exception ex)
    {
        errorLabel.Text = "Error authenticating. " + ex.Message;
    }
}

Global.asax Code (Application_AuthenticateRequest):

    string cookieName = FormsAuthentication.FormsCookieName;
    HttpCookie authCookie = Context.Request.Cookies[cookieName];

    if (null == authCookie)
    {
        //There is no authentication cookie.
        return;
    }
    FormsAuthenticationTicket authTicket = null;
    try
    {
        authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch (Exception ex)
    {
        //Write the exception to the Event Log.
        return;
    }
    if (null == authTicket)
    {
        //Cookie failed to decrypt.
        return;
    }
    //When the ticket was created, the UserData property was assigned a
    //pipe-delimited string of group names.
    string[] groups = authTicket.UserData.Split(new char[] { '|' });
    //Create an Identity.
    GenericIdentity id = new GenericIdentity(authTicket.Name, "LdapAuthentication");
    //This principal flows throughout the request.
    GenericPrincipal principal = new GenericPrincipal(id, groups);
    Context.User = principal;
}
1
Can you show some code? - xspydr
Are you redirecting to a URL that belongs to a different domain and setting a domain cookie? - Saravanan
The redirect is simply to the originally requested page. In this case, it was to Default.aspx. In the address bar when it redirects to the Login page, it shows: localhost:64432/Login?ReturnUrl=%2fDefault.aspx - Todd Zetlan

1 Answer

1
votes

I was able to resolve my issue by adjusting the data that was being stored in the userData of the FormsAuthenticationTicket. It appears as though the amount of data that I was trying to insert exceeded a maximum. Once I removed it, everything worked as expected.
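
The answer above traces the missing cookie to an oversized userData value. The following is an added example, not code from the question or the answer, showing one way to check the encrypted ticket's size before sending it and to keep a long group list server-side instead. `AuthCookieBuilder`, `CookieBudget` and the `grp:` key prefix are hypothetical names, and the 4096-byte figure is the per-cookie size RFC 6265 asks browsers to support, not a number given on this page.

```csharp
using System;
using System.Web;
using System.Web.Caching;
using System.Web.Security;

// Added example, not the poster's code. AuthCookieBuilder, CookieBudget and
// the "grp:" cache-key scheme are assumptions made for illustration.
public static class AuthCookieBuilder
{
    // Browsers commonly drop a cookie whose name + value + attributes exceed
    // about 4096 bytes; 200 bytes are reserved here for the attributes.
    private const int CookieBudget = 4096 - 200;
    private const string KeyPrefix = "grp:";

    public static HttpCookie Build(string user, string groups, bool persistent)
    {
        DateTime issued = DateTime.Now, expires = issued.AddMinutes(60);
        string value = Encrypt(user, issued, expires, persistent, groups);
        if (FormsAuthentication.FormsCookieName.Length + 1 + value.Length > CookieBudget)
        {
            // Too big for a cookie: keep the group list server-side and put
            // only a random lookup key in the encrypted ticket.
            string key = KeyPrefix + Guid.NewGuid().ToString("N");
            HttpRuntime.Cache.Insert(key, groups, null, expires, Cache.NoSlidingExpiration);
            value = Encrypt(user, issued, expires, persistent, key);
        }
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, value);
        cookie.HttpOnly = true;                          // not readable from script
        cookie.Secure = FormsAuthentication.RequireSSL;  // follows <forms requireSSL>
        cookie.Path = FormsAuthentication.FormsCookiePath;
        if (persistent) cookie.Expires = expires;
        return cookie;
    }

    // Call from Application_AuthenticateRequest instead of splitting UserData directly.
    public static string[] ResolveGroups(string userData)
    {
        if (!userData.StartsWith(KeyPrefix, StringComparison.Ordinal))
            return userData.Split('|');
        // Evicted or unknown key: fail closed with no roles.
        string groups = HttpRuntime.Cache[userData] as string;
        return groups == null ? new string[0] : groups.Split('|');
    }

    private static string Encrypt(string user, DateTime issued, DateTime expires, bool persistent, string data)
    {
        return FormsAuthentication.Encrypt(new FormsAuthenticationTicket(1, user, issued, expires, persistent, data));
    }
}
```

`HttpRuntime.Cache` is per-process and can evict entries under memory pressure, so a web farm would need a shared store for the group list. A user whose entry is gone gets no roles until the next login.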