Hi! We found a regression in the latest version of Forms Authentication: when the FormsAuthenticationTicket is not persistent (created with FormsAuthentication.SetAuthCookie("userName", false)), HttpRequest.IsAuthenticated returns false. Attached are a possible patch (in FormsAuthenticationModule.cs) and a test case. Thanks, Ilya Kharmatsky.
Gonzalo Paniagua Javier wrote:
On Wed, 2005-03-02 at 11:45 -0700, Jesse Pasichnyk wrote:
I am working on developing an ecommerce site with mono/postgres and am having some issues with a Forms-based security login area.
Last mono release shipped with a regression that might make FormsAuthentication fail. You can get a new System.Web.dll from http://www.go-mono.com/archive/1.0.6/System.Web.dll or http://www.go-mono.com/archive/1.1.4/System.Web.dll
-Gonzalo
_______________________________________________
Mono-list maillist - Mono-list@lists.ximian.com
http://lists.ximian.com/mailman/listinfo/mono-list
Index: System.Web.Security/FormsAuthenticationModule.cs
===================================================================
--- System.Web.Security/FormsAuthenticationModule.cs (revision 41482)
+++ System.Web.Security/FormsAuthenticationModule.cs (working copy)
@@ -15,10 +15,10 @@
 // distribute, sublicense, and/or sell copies of the Software, and to
 // permit persons to whom the Software is furnished to do so, subject to
 // the following conditions:
-//
+//
 // The above copyright notice and this permission notice shall be
 // included in all copies or substantial portions of the Software.
-//
+//
 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
@@ -65,7 +65,7 @@
 string reqPath = context.Request.PhysicalPath;
 string loginPath = context.Request.MapPath (loginPage);
 context.SkipAuthorization = (reqPath == loginPath);
-
+
 FormsAuthenticationEventArgs formArgs = new FormsAuthenticationEventArgs (context);
 if (Authenticate != null)
 Authenticate (this, formArgs);
@@ -76,13 +76,13 @@
 context.User = formArgs.User;
 return;
 }
-
+
 HttpCookie cookie = context.Request.Cookies [cookieName];
 if (cookie == null || (cookie.Expires != DateTime.MinValue && cookie.Expires < DateTime.Now))
 return;
 FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt (cookie.Value);
- if (ticket == null || ticket.Expired)
+ if (ticket == null || (ticket.IsPersistent && ticket.Expired))
 return;
 if (config.SlidingExpiration)
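Review bot: Expiry is no longer checked for non-persistent tickets: in the last hunk the new condition `ticket == null || (ticket.IsPersistent && ticket.Expired)` lets any non-persistent ticket through regardless of its Expiration, so the configured timeout stops bounding how long a session ticket authenticates and a cookie value issued once is accepted for as long as it still decrypts. The regression more likely sits in the Expiration value given to non-persistent tickets when they are created (presumably in FormsAuthentication.SetAuthCookie, which this diff does not show; to be confirmed), and that is where I would fix it, leaving `if (ticket == null || ticket.Expired)` here unchanged. If the relaxed check is kept, it needs a comment stating why an expired non-persistent ticket is acceptable, plus a test that a ticket past its timeout is rejected. The method body starts before and continues after this hunk, including the `config.SlidingExpiration` branch, which as far as the hunk shows would now also be reached with expired tickets.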
/// <summary>
/// Test page for the non-persistent Forms Authentication ticket case: writes
/// Request.IsAuthenticated, lists the response cookies, calls
/// FormsAuthentication.SetAuthCookie("userName", false), and lists the
/// response cookies again together with their Expires value.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
private void Page_Load(object sender, System.EventArgs e)
{
    // Authentication state as computed for the current request.
    bool authenticated = Request.IsAuthenticated;
    Response.Write("Request.IsAuthenticated " + authenticated + "<br>");

    HttpCookieCollection before = Response.Cookies;
    Response.Write("Before setting forms cookie! <br>");
    foreach (string cookieName in before)
    {
        HttpCookie current = before[cookieName];
        string line = current.Name + " " + current.Value + "<br>";
        Response.Write(line);
    }

    // Issue a non-persistent ticket (second argument false).
    FormsAuthentication.SetAuthCookie("userName", false);

    // NOTE(review): this loop writes every response cookie value, presumably
    // including the forms authentication cookie just set, into the page body
    // without HTML encoding; keep the page on a test deployment.
    HttpCookieCollection after = Response.Cookies;
    Response.Write("After setting forms cookie! <br>");
    foreach (string cookieName in after)
    {
        HttpCookie current = after[cookieName];
        string line = current.Name + " " + current.Value + " " + current.Expires + "<br>";
        Response.Write(line);
    }
}