locked
HttpContext and the Login Control RRS feed

  • Question

  • User1849279150 posted

    I am creating a cookie with LastLoginDate info in it:

    protected void Login1_LoggedIn(object sender, EventArgs e)
            {
                Response.Cookies["LastLoginDate:" + Login1.UserName].Value = Membership.GetUser(Login1.UserName).LastLoginDate.ToString();
                Response.Cookies["LastLoginDate:" + Login1.UserName].Expires = DateTime.Now.AddDays(30);
            }

    But I want to use the HttpContext.Current.User.Identity.Name instead of the text from the login control, but the context is not authenticated and there is no name.  I use the Context elsewhere my program to display the cookie info (on the master page), and that works, when does the context get set?  I would have thought it was before the LoggedIn event?

    Thursday, May 8, 2014 2:33 PM

All replies

  • User-760709272 posted

    In the past I've seen the identity not get set until the next request as it is cookie-based.  If you always direct your users to a certain page after they log in you could put the code there.  However if the Login1.Username property is the same as the username then is it much of an issue?

    Thursday, May 8, 2014 3:11 PM
  • User1849279150 posted

    the "issue" is that Login1.UserName is userspace while HttpContext.Current.User.Identity.Name is serverspace.

    It's not much of an issue, but it seems like it would be "safer" to query the server for a piece of information.

    Friday, May 9, 2014 5:48 PM
  • User465171450 posted

    Not sure what you mean by userspace. Login1.UserName is serverside and within the same context of the HttpContext.Current. Both are scoped to the same request context but one is scoped to a particular page instance.

    Are you using forms authentication? If so, create a formsauthenticationticket. You can do this with your own user system and not have to use the asp.net membership.

    http://msdn.microsoft.com/en-us/library/system.web.security.formsauthenticationticket(v=vs.110).aspx

    This will create an encrypted ticket that contains the information necessary to populate the current identity information.

    Saturday, May 10, 2014 10:15 AM