Jim Foye #1
Cookie not persisted w/o call to GetRedirectUrl()
I am using forms authentication. I do not have default.aspx nor do I want
one as I am using multiple roles and I want to redirect the user after
logging in based on his role. Here's the pertinent section from web.config:
<authentication mode="Forms">
    <forms name="MMAuth"
           loginUrl="/forms/cl_signin.aspx"
           protection="All"
           timeout="60"
           path="/">
    </forms>
</authentication>
<authorization>
    <deny users="?" />
    <allow users="*" />
</authorization>
The below code is not my real code, but is an example I lifted from a
website, and it should serve to pretty well illustrate my problem. I put it
into my source and compiled and debugged it. Email is a textbox with the
user's email which serves as his user name, and let's say I've already
validated him.
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
    1,
    Email.Text,
    DateTime.Now,
    DateTime.Now.AddHours(3), // or anything else, it doesn't matter
    true,
    "client");
string encryptedTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
    encryptedTicket);
cookie.Expires = ticket.Expiration; // or anything else, it doesn't matter
Response.Cookies.Add(cookie);
Response.Redirect(FormsAuthentication.GetRedirectUrl(Email.Text, true));
This will persist the cookie, but I can't use this code, because
GetRedirectUrl() is a bit stubborn and only wants to take me to
default.aspx. According to ASP.NET Cookbook by O'Reilly, no problem, I just
call Response.Redirect() with the page I want to go to. That will persist
the cookie. But it doesn't.
I find it very strange that I have to
1) Set an expiration on the ticket
2) Tell the ticket that it is persistent
3) Set the expiration for the cookie that contains the ticket
and still the cookie does not persist. It seems to come back from the
browser for the current session, but it won't persist. It will only persist
if I
4) call GetRedirectUrl() with the 2nd parameter set to true to let it know
that the cookie (whose expiration I have set) which contains the ticket
(whose expiration AND persistence flag I have set) should in fact be
persisted on the client.
Calling GetRedirectUrl() and tossing the return value and going on my merry
way with Response.Redirect(), while looking very funky, would be acceptable
at this point, but that does not work, I have to call it exactly as you see
above.
This is a strange API, even by Microsoft standards.
Please help.
Jim
Jim Foye Guest
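Added example, not part of the original post and not the poster's code: the flow described above, issuing the ticket cookie and redirecting by role from a fixed server-side map instead of through GetRedirectUrl(). The class name, role names and landing pages are hypothetical, and it assumes System.Web on .NET Framework 2.0 or later (for HttpCookie.HttpOnly).

```csharp
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.Security;

// Added example. RoleLogin, the role names and the landing pages are assumptions.
public static class RoleLogin
{
    // Fixed server-side map: the redirect target never comes from the request,
    // so a crafted ReturnUrl cannot steer the user to another site.
    static readonly Dictionary<string, string> Landing =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "client", "/forms/cl_home.aspx" },   // hypothetical page
            { "admin",  "/forms/ad_home.aspx" }    // hypothetical page
        };

    // Call only after the credentials have been validated.
    public static void SignInAndRedirect(HttpContext ctx, string userName,
                                         string role, bool persistent)
    {
        string target;
        if (!Landing.TryGetValue(role, out target))
            throw new ArgumentException("Unknown role", "role");

        DateTime now = DateTime.Now;
        // The role travels in UserData; protection="All" encrypts and validates it.
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, now, now.AddHours(3), persistent, role);

        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                           FormsAuthentication.Encrypt(ticket));
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.HttpOnly = true;                          // not readable from script
        cookie.Secure = FormsAuthentication.RequireSSL;  // follows <forms requireSSL="...">
        if (persistent)
            cookie.Expires = ticket.Expiration;          // no Expires means a session cookie

        ctx.Response.Cookies.Add(cookie);
        ctx.Response.Redirect(target, false);            // keep the thread alive
        ctx.ApplicationInstance.CompleteRequest();       // skip the rest of the pipeline
    }
}
```

To see which kind of cookie the browser was actually given, inspect the Set-Cookie header on the login response: a persistent cookie carries an expires attribute, a session cookie does not.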
Jim Foye #2
Re: Cookie not persisted w/o call to GetRedirectUrl()
Does anyone have any ideas??
"Jim Foye" <jimfoye2@hotmail.com> wrote in message
news:%23Lk2G$BBFHA.4004@tk2msftngp13.phx.gbl...
> I am using forms authentication. I do not have default.aspx nor do I want
>one as I am using multiple roles and I want to redirect the user after
>logging in based on his role. Here's the pertinent section from web.config:
>
> <authentication mode="Forms">
>     <forms name="MMAuth"
>            loginUrl="/forms/cl_signin.aspx"
>            protection="All"
>            timeout="60"
>            path="/">
>     </forms>
> </authentication>
> <authorization>
>     <deny users="?" />
>     <allow users="*" />
> </authorization>
>
> The below code is not my real code, but is an example I lifted from a
> website, and it should serve to pretty well illustrate my problem. I put it
> into my source and compiled and debugged it. Email is a textbox with the
> user's email which serves as his user name, and let's say I've already
> validated him.
>
> FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
>     1,
>     Email.Text,
>     DateTime.Now,
>     DateTime.Now.AddHours(3), // or anything else, it doesn't matter
>     true,
>     "client");
> string encryptedTicket = FormsAuthentication.Encrypt(ticket);
> HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
>     encryptedTicket);
> cookie.Expires = ticket.Expiration; // or anything else, it doesn't matter
> Response.Cookies.Add(cookie);
> Response.Redirect(FormsAuthentication.GetRedirectUrl(Email.Text, true));
>
> This will persist the cookie, but I can't use this code, because
> GetRedirectUrl() is a bit stubborn and only wants to take me to
> default.aspx. According to ASP.NET Cookbook by O'Reilly, no problem, I
> just call Response.Redirect() with the page I want to go to. That will
> persist the cookie. But it doesn't.
>
> I find it very strange that I have to
>
> 1) Set an expiration on the ticket
> 2) Tell the ticket that it is persistent
> 3) Set the expiration for the cookie that contains the ticket
>
> and still the cookie does not persist. It seems to come back from the
> browser for the current session, but it won't persist. It will only
> persist if I
>
> 4) call GetRedirectUrl() with the 2nd parameter set to true to let it know
> that the cookie (whose expiration I have set) which contains the ticket
> (whose expiration AND persistence flag I have set) should in fact be
> persisted on the client.
>
> Calling GetRedirectUrl() and tossing the return value and going on my
> merry way with Response.Redirect(), while looking very funky, would be
> acceptable at this point, but that does not work, I have to call it
> exactly as you see above.
>
> This is a strange API, even by Microsoft standards.
>
> Please help.
>
> Jim
>
Jim Foye Guest




