Storing more information using FormsAuthentication.SetAuthCookie

Eden picture Eden · Jul 19, 2009 · Viewed 58.8k times · Source

I am using aspx and c# for a setting a authentication cookie for a login.

FormsAuthentication.SetAuthCookie(UserName, True)

I want to store more information in the same cookie. Can I add values to this authentication cookie or do I have to use a second http cookie?

Basically I'm looking for away to store the User's Id so I may be able to access the database using the users table row key

Thanks, Eden

Answer

Joe picture Joe · Jul 19, 2009

You can add user data to the FormsAuthenticationTicket, then generate the cookie yourself.

There's an example in the the MSDN documentation for FormsAuthenticationTicket.

EDIT

Note that when creating the ticket, you need to set the timeout, which in general you will want to be the same as the value configured in web.config. Unfortunately, in the Framework 3.5 or earlier, the FormsAuthentication class does not expose this timeout publicly. For a workaround, use one of the techniques described in the response to this connect feedback item.

UPDATE

That Connect feedback item is no longer there, sadly. Wish you had briefly described what the techniques were.

Yes, it's a pity Microsoft has discarded historical Connect items. IIRC, the two techniques they suggested were:

  1. Use WebConfigurationManager to read the relevant configuration section and get the timeout value.

  2. Create a cookie using FormsAuthentication.GetAuthCookie, decrypt it using FormsAuthentication.Decrypt and inspect the generated FormsAuthenticationTicket.

Or upgrade to .NET 4.x where there is a FormsAuthentication.Timeout property.

See this question for more info