Extend forms authentication to use a custom HTTP header for ticket

The FormsAuthentication module is not extendible, but you could write your own authentication. It is very simple:

Authentication(2):


var formsTicket = new FormsAuthenticationTicket(
    1, login, DateTime.Now, DateTime.Now.AddYears(1), persistent, String.Empty);
var encryptedFormsTicket = FormsAuthentication.Encrypt(formsTicket);
// Return the encryptedFormsTicket string to the client

Service call with attached ticket(4):


var ticket = FormsAuthentication.Decrypt(encryptedFormsTicket);
// Extract authentication info from the ticket: ticket.Name

I am not sure this is the way to go (elegance-wise), but what about adding an event in global.asax.cs for Application BeginRequest, taking the string from the header and injecting a cookie into the Request yourself (Forms authentication should then pick that up)?

Something like:


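protected void Application_BeginRequest()
{
    // Your code here to read request header into cookieText variable
    string cookieText = ReadCookieFromHeader();
    if (string.IsNullOrEmpty(cookieText))
    {
        return; // no ticket header on this request
    }

    var cookieData = FormsAuthentication.Decrypt(cookieText);

    if (cookieData != null && !cookieData.Expired)
    {
        // Forms authentication looks the cookie up by FormsCookieName,
        // not by the user name stored in the ticket
        HttpContext.Current.Request.Cookies.Add(
            new HttpCookie(FormsAuthentication.FormsCookieName, cookieText));
    }
}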

DISCLAIMER: Please note that I didn't test this, just throwing a possible approach your way!
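
An added example, not code from either answer above: an `IHttpModule` that performs the "service call with attached ticket" step by reading the encrypted ticket from a request header, rejecting missing, malformed or expired tickets, and setting the request principal directly instead of injecting a cookie. The header name `X-Auth-Ticket` and the class name `HeaderTicketModule` are assumptions made for this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public sealed class HeaderTicketModule : IHttpModule
{
    // Assumption: header name chosen for this example; it is not defined on the page.
    private const string TicketHeader = "X-Auth-Ticket";

    public void Init(HttpApplication app)
    {
        app.AuthenticateRequest += OnAuthenticateRequest;
    }

    private static void OnAuthenticateRequest(object sender, EventArgs e)
    {
        var context = ((HttpApplication)sender).Context;
        var ticket = TryDecrypt(context.Request.Headers[TicketHeader]);

        // Missing, tampered or expired ticket: leave the request anonymous so
        // the normal authorization rules deny access to protected resources.
        if (ticket == null || ticket.Expired || string.IsNullOrEmpty(ticket.Name))
            return;

        // FormsIdentity exposes ticket.Name as Identity.Name; no roles are assigned here.
        context.User = new GenericPrincipal(new FormsIdentity(ticket), new string[0]);
    }

    // Returns null instead of throwing, so a bad header never produces a 500.
    private static FormsAuthenticationTicket TryDecrypt(string encrypted)
    {
        if (string.IsNullOrWhiteSpace(encrypted))
            return null;
        try
        {
            return FormsAuthentication.Decrypt(encrypted);
        }
        // Which exception a bad ticket raises varies by framework version.
        catch (ArgumentException) { return null; }       // null, empty or malformed string
        catch (HttpException) { return null; }           // validation failure
        catch (CryptographicException) { return null; }  // decryption failure
    }

    public void Dispose() { }
}
```

The module has to be registered in web.config (under `system.webServer/modules`) before it runs. The header value is a bearer credential just like the forms cookie, so it should only travel over TLS and the ticket lifetime should be kept as short as the client can tolerate.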