FormsAuthenticationTicket.Version returns invalid version number - c#

Is there any limit on the size/numbers in the version number of the FormsAuthenticationTicket?
I tried to create an ASP.NET cookie using forms authentication, with a large version number (ex: 1234567; I need this number for identification purposes). But when I decrypt the cookie I get 135 as the version number.
Initially the old forms authentication cookie was removed, in order to add new information.
Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
Following is the code I used to create the FormsAuthentication cookie.
FormsAuthenticationTicket newAuthTicket = new FormsAuthenticationTicket(1234567, un, DateTime.Now, DateTime.Now.AddHours(5F), false, user_data);
HttpCookie newauthCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(newAuthTicket));
Response.Cookies.Add(newauthCookie);
After retrieving the cookie, the version number I got was 135. This number varies with different version numbers.
string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = Context.Request.Cookies[cookieName];
if (authCookie == null)
{
    return;
}
FormsAuthenticationTicket authTkt = null;
authTkt = FormsAuthentication.Decrypt(authCookie.Value);
if (authTkt == null)
{
    return;
}
int versionID = authTkt.Version;
Can someone let me know if it's a bad idea to use such big version numbers, or am I missing something in this?
Thanks for your help,
Vijay

Make sure that the ticket name is not passed as null.
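Added example, not part of the original thread: 1234567 is 0x12D687 and 135 is its low byte 0x87, which is consistent with the ticket's Version being serialized as a single byte. The sketch below keeps Version small and carries the identifier in UserData instead, which is covered by the ticket's encryption and validation. The class name, the `recordId|userData` layout and the `|` separator are assumptions for illustration; it assumes a .NET Framework ASP.NET application with forms authentication configured.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

public static class TicketRecordId   // hypothetical helper, not a framework type
{
    // Models the observed truncation: 1234567 (0x12D687) comes back as 0x87 = 135.
    public static int VersionAfterRoundTrip(int version)
    {
        return version & 0xFF;
    }

    // Issue the cookie with Version = 1 and the identifier inside UserData.
    public static HttpCookie Issue(string userName, int recordId, string userData)
    {
        if (string.IsNullOrEmpty(userName))
            throw new ArgumentException("userName is required", "userName");
        var ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddHours(5), false,
            recordId + "|" + userData, FormsAuthentication.FormsCookiePath);
        return new HttpCookie(FormsAuthentication.FormsCookieName,
                              FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // keep the ticket away from script
            Secure = FormsAuthentication.RequireSSL,  // follow the configured requireSSL setting
            Path = FormsAuthentication.FormsCookiePath
        };
    }

    // Returns false for a missing, tampered, expired or malformed cookie instead of throwing.
    public static bool TryRead(HttpCookie cookie, out int recordId, out string userData)
    {
        recordId = 0;
        userData = null;
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return false;
        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception ex) when (ex is ArgumentException || ex is CryptographicException
                                   || ex is HttpException) { return false; }
        if (ticket == null || ticket.Expired) return false;
        string[] parts = ticket.UserData.Split(new[] { '|' }, 2);
        if (parts.Length != 2 || !int.TryParse(parts[0], out recordId)) return false;
        userData = parts[1];
        return true;
    }
}
```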

Related

HttpCookie - Unable to update existing cookie ASP.NET [Google Chrome]

The code below updates a value in an existing cookie.
This code was working fine, but now I have no idea why it breaks and is unable to update the latest value in the cookie. (The cookie keeps showing the first assigned value.)
Example flows:
a) The first assigned value in cookie is "abc".
b) Update "123" as latest value into cookie.
c) Read cookie but value remains "abc".
I have tried in Microsoft Edge, where the cookie updates worked as expected, but I have no idea why Google Chrome fails to update the cookie.
string m_cookie = FormsAuthentication.FormsCookieName;
string m_Json = string.Empty;
HttpCookie m_httpCookie;
FormsAuthenticationTicket m_ticket;
m_httpCookie = System.Web.HttpContext.Current.Request.Cookies[m_cookie];
m_ticket = FormsAuthentication.Decrypt(m_httpCookie.Value);
m_Json = (JsonConvert.SerializeObject(new UserCredential1
{
UserName = "123",
ExpiredAt = "123",
AccessToken = "123",
TokenType = "123",
})).ToString();
var newticket = new FormsAuthenticationTicket(m_ticket.Version, m_ticket.Name,
m_ticket.IssueDate, dtNowAdd1min, false, m_Json, m_ticket.CookiePath);
m_httpCookie.Value = FormsAuthentication.Encrypt(newticket);
if (newticket.IsPersistent) m_httpCookie.Expires = newticket.Expiration;
System.Web.HttpContext.Current.Response.Cookies.Set(m_httpCookie);
m_httpCookie = System.Web.HttpContext.Current.Request.Cookies[m_cookie];
m_ticket = FormsAuthentication.Decrypt(m_httpCookie.Value);
UserCredential result = JsonConvert.DeserializeObject<UserCredential>(m_ticket.UserData);
I suspect this happens due to Google Chrome SameSite settings?
Does anyone have an idea about this? Thanks in advance.

Modifying cookie subkeys in C#

I can't for the life of me understand what I'm doing wrong here. I've searched high and low but everything I try doesn't seem to fix.
I'm trying to create a cookie that stores the first and last name of a user. If the user goes back and changes either the first or second name it should modify these subkeys in the userName cookie. This part doesn't seem to work though?
protected void btnContinue_Click(object sender, EventArgs e)
{
    if (IsValid)
    {
        HttpCookie cookie = new HttpCookie("userName");
        if (cookie != null)
        {
            Response.Cookies.Remove("userName");
            cookie.Values["firstName"] = txtFirstName.Text;
            cookie.Values["lastName"] = txtLastName.Text;
        }
        else
        {
            cookie.Values["firstName"] = txtFirstName.Text;
            cookie.Values["lastName"] = txtLastName.Text;
        }
        cookie.Expires = DateTime.Now.AddMinutes(5);
        Response.Cookies.Add(cookie);
    }
    Response.Redirect("~/Order.aspx");
}
The way to delete cookies on the client browser is to override them, setting the expires value to a date in the past.
When you use this code:
Response.Cookies.Remove("userName");
you only delete the cookie on the server, which means it's not sent to the client. This means the old cookie on the client is kept.
To delete the old cookie:
HttpCookie cookie = new HttpCookie("olduserName");
cookie.Expires = DateTime.Now.AddDays(-1);
Response.Cookies.Add(cookie);
Here 'oldusername' contains the previous value of 'username'.
Edit:
Another way is to name your cookie with a name that doesn't change, ever, then you can simply override it with the new value, when username changes.
Edit2:
I actually made the same mistake as you did, you should use:
Response.Cookies.Set(cookie);
When using Add there can be more than one Cookie with the same name. This is most likely your problem (sorry, I did not see that before).
Edit2:
Just saw this line now:
Response.Redirect("~/Order.aspx");
You are redirecting! Then the cookies are not set on the client.
Instead you should set the cookies in "~/Order.aspx".

C# persistent cookie

I have seen the persistent cookies examples in ASP.NET MVC C# here on stackoverflow.
But I can't figure out why the code below isn't working.
First I write to the cookie:
HttpCookie cookie = new HttpCookie("AdminPrintModule");
cookie.Expires = DateTime.Now.AddMonths(36);
cookie.Values.Add("PrinterSetting1", Request.QueryString["Printer1"]);
cookie.Values.Add("PrinterSetting2", Request.QueryString["Printer2"]);
cookie.Values.Add("PrinterSetting3", Request.QueryString["Printer3"]);
Response.Cookies.Add(cookie);
I see the cookies stored in Internet Explorer. The content looks OK.
Then the reading code:
HttpCookie cookie = Request.Cookies["AdminPrintModule"];
test = cookie.Values["PrinterSetting2"].ToString();
The cookie variable remains null. Storing the PrinterSetting2 value in the test variable fails.
I don't know what I'm doing wrong because this is more or less a copy-paste from the examples here on stackoverflow. Why can't I read the PrinterSetting2 value from the cookie?
Try the code below:
if (Request.Cookies["AdminPrintModule"] != null)
{
    HttpCookie cookie = Request.Cookies["AdminPrintModule"];
    test = cookie["PrinterSetting2"].ToString();
}
Have a look at this document: http://www.c-sharpcorner.com/uploadfile/annathurai/cookies-in-Asp-Net/
Below are a few ways to write and read cookies:
Non-Persist Cookie - A cookie that has an expiry time is called a Non-Persist Cookie.
How to create a cookie? It's really easy to create a cookie in ASP.NET with the help of the Response object or HttpCookie.
Example 1:
HttpCookie userInfo = new HttpCookie("userInfo");
userInfo["UserName"] = "Annathurai";
userInfo["UserColor"] = "Black";
userInfo.Expires = DateTime.Now.Add(new TimeSpan(0, 1, 0)); // DateTime.Add returns a new value, so it must be assigned
Response.Cookies.Add(userInfo);
Example 2:
Response.Cookies["userName"].Value = "Annathurai";
Response.Cookies["userColor"].Value = "Black";
How to retrieve from a cookie?
It's easy to retrieve a cookie value from cookies with the help of the Request object.
Example 1:
string User_Name = string.Empty;
string User_Color = string.Empty;
User_Name = Request.Cookies["userName"].Value;
User_Color = Request.Cookies["userColor"].Value;
Example 2:
string User_name = string.Empty;
string User_color = string.Empty;
HttpCookie reqCookies = Request.Cookies["userInfo"];
if (reqCookies != null)
{
    User_name = reqCookies["UserName"].ToString();
    User_color = reqCookies["UserColor"].ToString();
}
You must ensure that you have values in Request.QueryString. Just to check if your code works, hard-code the cookie values and then read them from the cookie.

How to store additional data in the FormsAuthentication cookie?

I am retrieving the tenant name from the url. I'd prefer to do it only once, store it in the cookie, and retrieve it from there when I need it in a new page request.
I am using the code below to "create" a cookie. I was hoping that the interface would allow me to store additional information but it doesn't. Is there a way to do this or am I on the wrong track?
public void SignIn(string userName, bool createPersistentCookie)
{
    if (String.IsNullOrEmpty(userName))
        throw new ArgumentException("Value cannot be null or empty.", "userName");
    FormsAuthentication.SetAuthCookie(userName, createPersistentCookie);
}
thanks in advance.
The FormsAuthenticationExtensions project on codeplex and on Nuget does exactly this. https://archive.codeplex.com/?p=formsauthext
Usage - Setting Values
using FormsAuthenticationExtensions;
using System.Collections.Specialized;
var ticketData = new NameValueCollection
{
{ "name", user.FullName },
{ "emailAddress", user.EmailAddress }
};
new FormsAuthentication().SetAuthCookie(user.UserId, true, ticketData);
Usage - Retrieving Values
using FormsAuthenticationExtensions;
using System.Web.Security;
var ticketData = ((FormsIdentity) HttpContext.Current.User.Identity).Ticket.GetStructuredUserData();
var name = ticketData["name"];
var emailAddress = ticketData["emailAddress"];
Basically, you can append a name/value dictionary inside of your FormsAuthentication cookie to store some frequently used values. We leverage this to store a small subset of user information such as companyId, etc.
Additionally, there is no 'black magic' happening here; it is simply encapsulating the setting/retrieving of the UserData property inside of the FormsAuthentication Ticket.
As for consideration, please be sure to read the notes at the bottom of the project page as it describes why this should only be used for small amounts of long-living data.
Personally, I wouldn't try to alter the Auth Cookie. Instead, create a new cookie:
var myCookie = new HttpCookie("myCookie");//instantiate an new cookie and give it a name
myCookie.Values.Add("TenantName", "myTenantName");//populate it with key, value pairs
Response.Cookies.Add(myCookie);//add it to the client
Then you can read the value that's written to the cookie like this:
var cookie = Request.Cookies["myCookie"];
var tenantName = cookie.Values["TenantName"].ToString();
//tenantName = "myTenantName"

Problem with HttpOnly Cookies

I have a problem with creating HttpOnly cookies. I use the following code to create a new cookie:
//A.aspx
HttpCookie ht = new HttpCookie("www");
ht.Value = "www";
ht.Name = "www";
ht.HttpOnly = true;
ht.Expires = DateTime.Now.AddDays(1);
Response.AppendCookie(ht);
Response.Redirect("B.aspx");
//B.aspx
HttpCookie cookie = Request.Cookies["Allowed"];
HttpCookie htt = Request.Cookies["www"];
if (cookie != null)
{
    Response.Write(cookie.HttpOnly);
    Response.Write(htt.HttpOnly);
}
else
{
    cookie = new HttpCookie("Allowed");
    cookie.HttpOnly = true;
    cookie.Value = "ping";
    cookie.Expires = DateTime.Now.AddMinutes(2);
    Response.Cookies.Add(cookie);
    Response.Write(cookie.HttpOnly);
    Response.Write(htt.HttpOnly);
}
The problem is that the final result is always False, although the HttpOnly property is set to True.
Can anyone explain to me a way to figure this out?
Thanx
Cookie parameters (expiration date, path, HttpOnly etc) are not sent back to the server by the browser, only the values. Sending them back would only introduce unnecessary bloat. Therefore the cookies in Request.Cookies will only contain the names and values.
If you want to see if your HttpOnly value is taking effect, use Firecookie or something similar to inspect the cookies. Or try accessing them in JavaScript - that's what it's supposed to prevent.
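Added example, not part of the original thread: because attributes travel only in the response's Set-Cookie header, that header is where a check for HttpOnly (and Secure, SameSite) has to look. The class name and the sample header values below are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public static class SetCookieAudit   // hypothetical helper
{
    static readonly string[] Required = { "httponly", "secure", "samesite" };

    // Parses one Set-Cookie header value and returns the cookie name together
    // with the required attributes that are absent from it.
    public static KeyValuePair<string, List<string>> Audit(string setCookie)
    {
        string[] parts = setCookie.Split(';');
        string name = parts[0].Split(new[] { '=' }, 2)[0].Trim();
        var present = new HashSet<string>(
            parts.Skip(1).Select(p => p.Split(new[] { '=' }, 2)[0].Trim()),
            StringComparer.OrdinalIgnoreCase);
        List<string> missing = Required.Where(r => !present.Contains(r)).ToList();
        return new KeyValuePair<string, List<string>>(name, missing);
    }

    public static void Main()
    {
        // Constructed sample: what the server sends, attributes included ...
        string[] responseHeaders =
        {
            "www=www; expires=Mon, 01-Jan-2024 10:00:00 GMT; path=/; HttpOnly",
            "Allowed=ping; path=/; secure; HttpOnly; SameSite=Lax"
        };
        // ... and what the browser sends back: names and values only.
        string requestHeader = "www=www; Allowed=ping";

        foreach (string header in responseHeaders)
        {
            KeyValuePair<string, List<string>> result = Audit(header);
            Console.WriteLine("{0}: missing [{1}]", result.Key, string.Join(", ", result.Value));
        }
        Console.WriteLine("Cookie request header carries no attributes: " + requestHeader);
    }
}
```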
