Hi!

We found a regression in the latest version of Forms Authentication: when
the FormsAuthenticationTicket is not persistent (created with
FormsAuthentication.SetAuthCookie("userName", false)),
HttpRequest.IsAuthenticated returns false.

Attached are a possible patch (to FormsAuthenticationModule.cs) and a test case.

Thanks,
Ilya Kharmatsky.

Gonzalo Paniagua Javier wrote:
On Wed, 2005-03-02 at 11:45 -0700, Jesse Pasichnyk wrote:
  
I am working on developing an ecommerce site with mono/postgres and am
having some issues with a Forms-based security login area.
    

Last mono release shipped with a regression that might make
FormsAuthentication fail.

You can get a new System.Web.dll from
http://www.go-mono.com/archive/1.0.6/System.Web.dll or
http://www.go-mono.com/archive/1.1.4/System.Web.dll

-Gonzalo



  
Index: System.Web.Security/FormsAuthenticationModule.cs
===================================================================
--- System.Web.Security/FormsAuthenticationModule.cs    (revision 41482)
+++ System.Web.Security/FormsAuthenticationModule.cs    (working copy)
@@ -15,10 +15,10 @@
 // distribute, sublicense, and/or sell copies of the Software, and to
 // permit persons to whom the Software is furnished to do so, subject to
 // the following conditions:
-// 
+//
 // The above copyright notice and this permission notice shall be
 // included in all copies or substantial portions of the Software.
-// 
+//
 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
@@ -65,7 +65,7 @@
                        string reqPath = context.Request.PhysicalPath;
                        string loginPath = context.Request.MapPath (loginPage);
                        context.SkipAuthorization = (reqPath == loginPath);
-                       
+
                        FormsAuthenticationEventArgs formArgs = new 
FormsAuthenticationEventArgs (context);
                        if (Authenticate != null)
                                Authenticate (this, formArgs);
@@ -76,13 +76,13 @@
                                        context.User = formArgs.User;
                                return;
                        }
-                               
+
                        HttpCookie cookie = context.Request.Cookies 
[cookieName];
                        if (cookie == null || (cookie.Expires != 
DateTime.MinValue && cookie.Expires < DateTime.Now))
                                return;
 
                        FormsAuthenticationTicket ticket = 
FormsAuthentication.Decrypt (cookie.Value);
-                       if (ticket == null || ticket.Expired)
+                       if (ticket == null || (ticket.IsPersistent && 
ticket.Expired))
                                return;
 
                        if (config.SlidingExpiration)
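Review bot: With `ticket.IsPersistent && ticket.Expired`, a non-persistent ticket is never rejected for being expired, so the Expiration stored inside the encrypted ticket stops being enforced on the server for every session-cookie login. The browser discarding a session cookie on exit is client behaviour only; a copied cookie value would, as far as this hunk shows, keep authenticating until something else invalidates it. If the regression is that `SetAuthCookie (name, false)` issues a ticket whose Expiration is already in the past (not visible here, so worth confirming), the fix belongs where the ticket is built, and this line should stay `if (ticket == null || ticket.Expired)`. The enclosing method starts above the hunk and continues past the `config.SlidingExpiration` check.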
// Repro page for the non-persistent forms-authentication case.
// Writes Request.IsAuthenticated, then lists the cookies held in
// Response.Cookies before and after the call to
// FormsAuthentication.SetAuthCookie("userName", false).
// NOTE(review): cookie names and values are written to the response body
// without HTML encoding, and the second listing presumably includes the
// forms-auth cookie value itself -- keep this page to a test site.
private void Page_Load(object sender, System.EventArgs e)
{
        // Authentication state as seen by this request, before any cookie is issued.
        string authState = "Request.IsAuthenticated " + Request.IsAuthenticated;
        Response.Write(authState + "<br>");

        // First listing: name and value of every cookie already queued on the response.
        HttpCookieCollection pending = Response.Cookies;
        Response.Write("Before setting forms cookie! <br>");
        foreach (string key in pending)
        {
                string row = pending[key].Name + " " + pending[key].Value;
                Response.Write(row + "<br>");
        }

        // Issue a non-persistent ticket (second argument false).
        FormsAuthentication.SetAuthCookie("userName", false);

        // Second listing: same cookies plus the Expires value of each one.
        HttpCookieCollection issued = Response.Cookies;
        Response.Write("After setting forms cookie! <br>");
        foreach (string key in issued)
        {
                string row = issued[key].Name + " " + issued[key].Value + " " + issued[key].Expires;
                Response.Write(row + "<br>");
        }
}
