Home
ASP.NET Forums » General ASP.NET » Security » Cookie Creation as a Result of FormsAuthentication.RedirectFromLoginPage

Cookie Creation as a Result of FormsAuthentication.RedirectFromLoginPage

Last post 09-02-2008 5:46 PM by guru_sarkar. 3 replies.

Sort Posts:

  • Cookie Creation as a Result of FormsAuthentication.RedirectFromLoginPage

    09-02-2008, 2:42 PM
    • Member
      6 point Member
    • dotBomb
    • Member since 05-02-2007, 1:57 PM
    • Posts 27

    Hello all,

    I have a custom event that is handling the authentication event of my login control.  It is "PortalLoginControl_Authenticate(object sender, AuthenticateEventArgs e) { ... }."  Two questions:

    1. I'm trying to make sense of the contents that are stored in the cookie created by the execution of the following line:

    FormsAuthentication.RedirectFromLoginPage(this.PortalLoginControl.UserName, this.PortalLoginControl.RememberMeSet);

    After I login, if I were to kill the browser, login again and execute the following code prior to the above call,

    // check for existing "Remember Me" cookie ...

    //

    if (Request.Cookies[".M5LOGIN"] != null)

    {

    // get the cookie

    HttpCookie cookie = Request.Cookies[".M5LOGIN"];

    // get the cookie value

    string value = Server.HtmlEncode(cookie.Value);

    }

    The 'value' field gets populated, but with a string that is not human-readable.  What is being stored in the value returned by 'Server.HtmlEncode(cookie.Value)" ??

    2. Do I control this somehow or is the login control in complete control of what gets written out to the cookie?

    Thanks for any insight,

    Dan (dotBomb)

    Dan Kemper, MCP, http://dankemper.net

  • Re: Cookie Creation as a Result of FormsAuthentication.RedirectFromLoginPage

    09-02-2008, 3:00 PM
    • Participant
      1,059 point Participant
    • codenenterp
    • Member since 08-25-2008, 8:58 PM
    • Boise,Id
    • Posts 234

    I am not for sure on this but I think it is base64 encoded.

    Solutions Architect
    Coden Enterprises
    http://www.codenenterprises.com/iblog

  • Re: Cookie Creation as a Result of FormsAuthentication.RedirectFromLoginPage

    09-02-2008, 4:25 PM
    • Member
      6 point Member
    • dotBomb
    • Member since 05-02-2007, 1:57 PM
    • Posts 27

    CodenenOkay, does this mean I can use base64 number system to decode the string?  If so, I have tried, and the result is an even more cryptic string of characters than before.  Basically, I'm just trying to figure out what these cookie contents actually represent, and if they have any significance to humans.  Please see my two questions in the first post.

    Dan Kemper, MCP, http://dankemper.net

  • Re: Cookie Creation as a Result of FormsAuthentication.RedirectFromLoginPage

    09-02-2008, 5:46 PM
    Answer
    • All-Star
      17,442 point All-Star
    • guru_sarkar
    • Member since 08-30-2007, 8:00 PM
    • Posts 2,646

    Some thoughts:

    When you are using RedirectFromLoginPage it is all happening behind the scene you do not control. It should be using information from your machine.config. Check this: http://support.microsoft.com/kb/910443

    But you can generate FormsAuthentication Ticket manually then Encrypt it. and add it to cookies collection. Look more on FormsAuthenticaion.Encrypt and FormsAuthenticaion.Decrypt.

    Check this: http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.encrypt.aspx

     

     

    /GuruBhai

    Guru Sarkar's Blog
Page 1 of 1 (4 items)
RSS Available

Contact | Advertise | Issue Management by Axosoft's OnTime | Running IIS7
All Rights Reserved. | Terms of Use | Trademarks | Privacy Statement
© 2009 Microsoft Corporation.