开发者

System.Web.Security.FormsAuthentication.Encrypt returns null

开发者 https://www.devze.com 2022-12-27 13:05 出处:网络
I\'m trying to encrypt some userData to create my开发者_开发问答 own custom IPrincipal and IIdentity objects using Forms authentication - I\'ve serialized an object representing my logged in user to J

I'm trying to encrypt some userData to create my开发者_开发问答 own custom IPrincipal and IIdentity objects using Forms authentication - I've serialized an object representing my logged in user to Json and created my FormsAuthentication ticket like so:

string user_item = GetJsonOfLoggedinUser();/*get JSON representation of my logged in user*/

System.Web.Security.FormsAuthenticationTicket ticket = 
    new System.Web.Security.FormsAuthenticationTicket(1,
    WAM.Utilities.SessionHelper.LoggedInEmployee.F_NAME + " " 
    + WAM.Utilities.SessionHelper.LoggedInEmployee.L_NAME,
    DateTime.Now, DateTime.Now.AddMinutes(30), false, user_item);

string encrypted_ticket = System.Web.Security.FormsAuthentication.Encrypt(ticket);

HttpCookie auth_cookie = 
    new HttpCookie(System.Web.Security.FormsAuthentication.FormsCookieName,        encrypted_ticket);

Response.Cookies.Add(auth_cookie);

However, the string encrypted_ticket is always null. Is there a limit on the length of the user_item string?

Thanks Mustafa


As an addition to this issue, when the userData parameter is null the encrypted_ticket will also be null.

In this example:

var ticket = new System.Web.Security.FormsAuthenticationTicket(1,
         "username",
        DateTime.Now, DateTime.Now.AddMinutes(30), false, null);

string encrypted_ticket = System.Web.Security.FormsAuthentication.Encrypt(ticket);

encrypted_ticket yields now null. However when using an empty string or string.Empty for the userData parameter we get a valid encrypted_ticket.

This is also somewhat documented on MSDN

Note

The userData parameter cannot be null.


Yes, the typical cookie limit is ~4k.

Add encryption and you are down to <2k.

Your code is correct.. consider:

string user_item = "fsddfdfssdfsfdasdfsf";

System.Web.Security.FormsAuthenticationTicket ticket =
    new System.Web.Security.FormsAuthenticationTicket(1,
     " sdfasdf asdflasdfasd ",
    DateTime.Now, DateTime.Now.AddMinutes(30), false, user_item);

string encrypted_ticket = 
    System.Web.Security.FormsAuthentication.Encrypt(ticket);

HttpCookie auth_cookie = 
    new HttpCookie(System.Web.Security.FormsAuthentication.FormsCookieName, encrypted_ticket);

Yields:

95ED981CFDF6AE506650E2AD01D2B52666AFC4895F0E19F14D82628C3F263EF1DA77F73BFD0284BEDCF815FBFB9AF00AF8875C61D01E27BF53C229F19C7CDE54FBC10AC478FAF02237DDC545AEF32BBA8EED88DBB09D671CD87E685E9FE05908CAE02EB05880DC1D230D67AEB0D7B0F258435D906EBD7F505DCCD738D94532E96363B13DA92060720476619672FEC670

While it is my experience that bloated cookies are truncated as opposed to nulled, your issue is probably that JSON contains characters that will make your cookie malformed, thus breaking it.

Make sure your json is a reasonable size, then try

string user_item = Server.UrlEncode(GetJsonOfLoggedinUser());

Make sure you measure your cookies and don't try to push it, it will bite in subtle and vicious ways when you want to be home watching Lost and drinking tequila. no fun.


i used this code to redirect from login page to may deafault.aspx page and my UserData was Null like your Problem:

FormsAuthentication.RedirectFromLoginPage(username, false);

i change the code , try this code to redirect from Login.aspx to Default.aspx page and your User Data will be fine:

Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName, false));

....
0

精彩评论

暂无评论...
验证码 换一张
取 消