I have an ASP.NET MVC application. In it, after the user signs in, we set a cookie for the logged-in user using FormsAuthentication.SetAuthCookie(userName, false). On another page we get the cookie using FormsAuthentication.GetAuthCookie(userName). This cookie value, as a string, is then set in the
Response.Cookies["username"].Value = cookiesvalue
We have an .aspx page in the same application that downloads a Silverlight application. Silverlight reads the cookies using the code
string[] cookies = HtmlPage.Document.Cookies.Split(';');
The problem is that once the session expires in the application, Silverlight cannot read the cookie value.
After the session expires we again set the cookies in headers using the
Response.Cookies["username"].Value = cookiesvalue
But the Silverlight application still cannot read this cookie.
Thanks in advance, DNM
The authentication cookie (the one set with FormsAuthentication.SetAuthCookie(userName, false)) is a special cookie. It is encrypted using the machine key on the server and it can only be manipulated by the server. Silverlight executes on the client side which explains why you cannot decrypt the username stored inside this cookie.
Just imagine for a moment that you could read and modify the value of this cookie on the client side: this would mean that you could impersonate any user.
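The server-side split described in the answer above, as an added example that is not part of the original question or answer: the server decrypts its own ticket and publishes only the user name in a separate, script-readable "username" cookie that is never used for authorization. The class name DisplayNameCookie, the method Publish and the Global.asax hook are assumptions made for illustration.

```csharp
// Added example, not the poster's code. Assumes classic ASP.NET (System.Web)
// with Forms Authentication enabled.
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

public static class DisplayNameCookie   // hypothetical helper
{
    // "username" is the cookie name used in the question.
    private const string CookieName = "username";

    // Call on each request from server code, e.g. in Global.asax (assumed hook):
    //   DisplayNameCookie.Publish(new HttpContextWrapper(Context));
    public static void Publish(HttpContextBase context)
    {
        HttpCookie authCookie =
            context.Request.Cookies[FormsAuthentication.FormsCookieName];
        FormsAuthenticationTicket ticket = TryDecrypt(authCookie);

        if (ticket == null || ticket.Expired)
        {
            // No valid ticket: expire the display cookie as well, so the
            // client never shows a name for a session the server rejected.
            context.Response.Cookies.Add(new HttpCookie(CookieName, string.Empty)
                { Expires = DateTime.Now.AddDays(-1), Path = "/" });
            return;
        }

        // Display-only copy of the name. Authorization decisions must keep
        // using the encrypted ticket (User.Identity), never this cookie.
        context.Response.Cookies.Add(
            new HttpCookie(CookieName, HttpUtility.UrlEncode(ticket.Name))
            {
                HttpOnly = false, // must be visible to HtmlPage.Document.Cookies
                Path = "/"
            });
    }

    // Only the server holds the machine key, so only the server can do this.
    private static FormsAuthenticationTicket TryDecrypt(HttpCookie cookie)
    {
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
        try { return FormsAuthentication.Decrypt(cookie.Value); }
        catch (ArgumentException) { return null; }       // malformed ticket
        catch (CryptographicException) { return null; }  // tampered or wrong key
        catch (HttpException) { return null; }           // validation failure
    }
}
```

Because the client can edit the "username" cookie freely, the server should treat any value read back from it as untrusted input.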