How do I update FormsAuthenticationTicker.userdata after ticket created?

[Wysiwyg]

When a user logs on to an application the new FormsAuthenticationTicket is
created with a userdata field which I can populate with anything useful I
might want. A cookie is created with an encrypted hash of the ticket.

Is it possible to update the ticket's userdata field once the ticket has
been created or is the ticket strictly readonly? If this isn't possible then
I expect I will just need to create my own cookie for additional information
that needs to change.

Thanks!
Bill

[Hernan de Lahitte]

In fact, the ticket is readonly. However, you may recreate it with your new
Userdata value and update the forms cookie with the newly created ticket.
Check out this code:

// Get the cookie created by the FormsAuthentication API
// If you put this code in Application_AuthenticateRequest
// event, you may use Context.User.Identity.Name prop. instedad of
UserId.Text
HttpCookie cookie = FormsAuthentication.GetAuthCookie( UserId.Text,
false );
FormsAuthenticationTicket ticket =
FormsAuthentication.Decrypt(cookie.Value);

// Notice that all current ticket properties are preserved in the new
ticket
FormsAuthenticationTicket newticket = new FormsAuthenticationTicket(
ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration,
ticket.IsPersistent, yourNewUserDataValue, ticket.CookiePath);

// add the encrypted ticket to the cookie as data.
cookie.Value = FormsAuthentication.Encrypt(newticket);

// Update the outgoing cookies collection.
Context.Response.Cookies.Set(cookie);


Hernan de Lahitte
[url]http://weblogs.asp.net/hernandl[/url]


"Wysiwyg" <wysiwyg@xmissionNSPAM.com> wrote in message
news:cpaga9$5gb$1@news.xmission.com...

> When a user logs on to an application the new FormsAuthenticationTicket is
> created with a userdata field which I can populate with anything useful I
> might want. A cookie is created with an encrypted hash of the ticket.
>
> Is it possible to update the ticket's userdata field once the ticket has
> been created or is the ticket strictly readonly? If this isn't possible
> then
> I expect I will just need to create my own cookie for additional
> information
> that needs to change.
>
> Thanks!
> Bill
>
>

[Wysiwyg]

Thanks for the reply! Recreating the ticket is the way to go.

Thanks again,

Bill

"Hernan de Lahitte" <hernan@lagash.com> wrote in message
news:OfuiZYk3EHA.1392@tk2msftngp13.phx.gbl...

> In fact, the ticket is readonly. However, you may recreate it with your

new

> Userdata value and update the forms cookie with the newly created ticket.
> Check out this code:
>
> // Get the cookie created by the FormsAuthentication API
> // If you put this code in Application_AuthenticateRequest
> // event, you may use Context.User.Identity.Name prop. instedad of
> UserId.Text
> HttpCookie cookie = FormsAuthentication.GetAuthCookie( UserId.Text,
> false );
> FormsAuthenticationTicket ticket =
> FormsAuthentication.Decrypt(cookie.Value);
>
> // Notice that all current ticket properties are preserved in the new
> ticket
> FormsAuthenticationTicket newticket = new FormsAuthenticationTicket(
> ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration,
> ticket.IsPersistent, yourNewUserDataValue, ticket.CookiePath);
>
> // add the encrypted ticket to the cookie as data.
> cookie.Value = FormsAuthentication.Encrypt(newticket);
>
> // Update the outgoing cookies collection.
> Context.Response.Cookies.Set(cookie);