Click here to Skip to main content
15,943,477 members
Please Sign up or sign in to vote.
4.00/5 (1 vote)
See more:
I have a website where a user can authenticate with their facebook account or twitter:
to know the user I used the cookie:

Global.asax:
C#
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
        {
            HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie != null)
            {
                var authTicket = FormsAuthentication.Decrypt(authCookie.Value);
                var id = new MyIdentity(authTicket);
                var userData = authTicket.UserData.Split(',');
               
                id.SocialProviderName = userData[0].Replace("providerslist=", "").Split('|')[0];
                var newUser = new MyPrincipal(id);
                Context.User = newUser;
            }

        }



the user can link two accounts (facebook and twitter). connect with
twitter and then click on "account linking" and will be redirect to authenticate with her facebook account

the problem is that when redirecting to the second account the cookie becomes null and
SQL
if (this.HttpContext.Request.IsAuthenticated)
            {...}

return false


My Controller:

....
FormsAuthentication.SetAuthCookie(socialProfile.UserId, true);
ResetFormsCookie(providerName, socialProfile.UserId);
....
UserId generate by GUID

C#
public void ResetFormsCookie(string providerName, string userId)
        {
            var authCookie = HttpContext.Current.ApplicationInstance.Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie == null)
            {
                authCookie = FormsAuthentication.GetAuthCookie(userId, true);
            }
            var authTicket = FormsAuthentication.Decrypt(authCookie.Value);
            var userData = authTicket.UserData;
            var providerslist = (from c in userData.Split(',') where c.Contains("providerslist=") select c).FirstOrDefault();
            if (string.IsNullOrEmpty(providerslist))
            {
                userData += string.IsNullOrEmpty(userData) ? "providerslist=" + providerName : ",providerslist=" + providerName;
            }
            else
            {
                if (!providerslist.Contains(providerName))
                {
                    userData = userData.Replace(providerslist, providerslist + "|" + providerName);
                }
            }
            var newTicket = new FormsAuthenticationTicket(authTicket.Version, authTicket.Name, authTicket.IssueDate
                , DateTime.Now.AddDays(90) // authTicket.Expiration ToDo: This need to set in the config
            , authTicket.IsPersistent, userData);
            authCookie.Value = FormsAuthentication.Encrypt(newTicket);
            HttpContext.Current.Response.Cookies.Add(authCookie);
        }



I apologize for my English
Thanks,
Posted

1 solution

Cookies are stored per-host or per-path, you cannot read on a server a cookie sent by another server/set in another application. This would be a big security issue.
Read this article about facebook sign-on with mvc: http://amirrajan.net/Blog/asp-mvc-and-facebook-single-sign-on[^]
 
Share this answer
 
v2
Comments
saisne 12-Jun-12 15:54pm    
@Zoltán Zörgő4 if I connect with a single account, the cookie is valide and works well : this.HttpContext.Request.IsAuthenticated return true. but if I link the two account : this.HttpContext.Request.IsAuthenticated return false
Thanks,
Zoltán Zörgő 13-Jun-12 3:02am    
this.HttpContext.Request.IsAuthenticated value is provided by your asp.net authentication provider. How should this know about the third party authentication result?
saisne 13-Jun-12 4:15am    
I am beginner in asp.net and cookie.
this.HttpContext.Request.IsAuthenticated: can detect if the user is already authenticated or not
Zoltán Zörgő 13-Jun-12 6:09am    
This is far more complicated. It will not detect anything. All this is related to membership providers. You could need something like facebook memebrship provider
saisne 13-Jun-12 12:53pm    
@Zoltán Zörgő can you give me an example to use the cookie in my website (global.asax, web.config and controller)
Thank you very much

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900