Mvc custom httpcookie used to authorize?

Just put your extra stuff in a different cookie. And if forms auth says the user isn't authenticated, don't read the other cookies. No need to overload the purpose of the auth cookie (and non-trivial to do so securely).

If all I need would be in the formsauth already. Just curious.. – gdubs Jun 9 at 4:17.

There is a UserData property of the FormsAuthenticationTicket. It is a string so you will have to be able to serialize/deserialize any complex data.

Good security design says don't store this information in a cookie - figure out another way (server side). Recently (October-ish) the ASP.NET POET vulnerability taught us that forms auth tickets could be forged because the machinekey could be determined and hence data encrypted as it would be on the server.

I know - not exactly what you asked but I think it's important to not store sensitive data on the client side.
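An added example, not part of the original answers: a forms-auth ticket that carries only a non-sensitive account id in `UserData`, and a custom authorize attribute that reads it back after forms auth has accepted the request. `TicketHelper`, `AccountAuthorizeAttribute`, `accountId` and the `"AccountId"` item key are hypothetical names chosen for illustration.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

public static class TicketHelper
{
    // Issue the forms-auth cookie with a small, non-sensitive value in UserData.
    // Anything sensitive stays on the server and is looked up by this id.
    public static void SignIn(HttpResponseBase response, string userName, int accountId)
    {
        var ticket = new FormsAuthenticationTicket(
            1,                                        // ticket version
            userName,
            DateTime.Now,                             // issue date
            DateTime.Now.Add(FormsAuthentication.Timeout),
            false,                                    // not persistent
            accountId.ToString(),                     // UserData is a plain string
            FormsAuthentication.FormsCookiePath);

        // Encrypt() protects the ticket with the machineKey settings.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL,
            Path = FormsAuthentication.FormsCookiePath
        };
        response.Cookies.Add(cookie);
    }
}

public class AccountAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Let forms auth decide first; read nothing else if it says no.
        if (!base.AuthorizeCore(httpContext)) return false;

        var identity = httpContext.User.Identity as FormsIdentity;
        if (identity == null) return false;

        // Treat UserData as untrusted input: reject anything that is not an id.
        int accountId;
        if (!int.TryParse(identity.Ticket.UserData, out accountId)) return false;

        httpContext.Items["AccountId"] = accountId;   // available to the action
        return true;
    }
}
```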

SetAuthCookie to store an Id so I can use it on the next page that is "Authorized" (using custom authorizeattribute controller). But I'm currently thinking of making a custom cookie using httpcookie so I can store more data, or easily maintainable data. Was wondering if having the kind of cookie will I be able to authorize the current user to access the "Authorized" controllers?

If so, how do I go about it? Hope that made sense.
