asp.net mvc3 and cookie

Question

4.00/5 (1 vote)

See more:

I have a website where a user can authenticate with their facebook account or twitter:
to know the user I used the cookie:

Global.asax:

C#

protected void Application_AuthenticateRequest(Object sender, EventArgs e)
        {
            HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie != null)
            {
                var authTicket = FormsAuthentication.Decrypt(authCookie.Value);
                var id = new MyIdentity(authTicket);
                var userData = authTicket.UserData.Split(',');
               
                id.SocialProviderName = userData[0].Replace("providerslist=", "").Split('|')[0];
                var newUser = new MyPrincipal(id);
                Context.User = newUser;
            }

        }

the user can link two accounts (facebook and twitter). connect with
twitter and then click on "account linking" and will be redirect to authenticate with her facebook account

the problem is that when redirecting to the second account the cookie becomes null and

SQL

if (this.HttpContext.Request.IsAuthenticated)
            {...}

return false

My Controller:
....
FormsAuthentication.SetAuthCookie(socialProfile.UserId, true);
ResetFormsCookie(providerName, socialProfile.UserId);
....
UserId generate by GUID

C#

public void ResetFormsCookie(string providerName, string userId)
        {
            var authCookie = HttpContext.Current.ApplicationInstance.Request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie == null)
            {
                authCookie = FormsAuthentication.GetAuthCookie(userId, true);
            }
            var authTicket = FormsAuthentication.Decrypt(authCookie.Value);
            var userData = authTicket.UserData;
            var providerslist = (from c in userData.Split(',') where c.Contains("providerslist=") select c).FirstOrDefault();
            if (string.IsNullOrEmpty(providerslist))
            {
                userData += string.IsNullOrEmpty(userData) ? "providerslist=" + providerName : ",providerslist=" + providerName;
            }
            else
            {
                if (!providerslist.Contains(providerName))
                {
                    userData = userData.Replace(providerslist, providerslist + "|" + providerName);
                }
            }
            var newTicket = new FormsAuthenticationTicket(authTicket.Version, authTicket.Name, authTicket.IssueDate
                , DateTime.Now.AddDays(90) // authTicket.Expiration ToDo: This need to set in the config
            , authTicket.IsPersistent, userData);
            authCookie.Value = FormsAuthentication.Encrypt(newTicket);
            HttpContext.Current.Response.Cookies.Add(authCookie);
        }

I apologize for my English
Thanks,

Posted 12-Jun-12 7:53am

saisne

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

**Zoltán Zörgő** · Answer 1 · 2012-06-12T08:48:00

Solution 1

Cookies are stored per-host or per-path, you cannot read on a server a cookie sent by another server/set in another application. This would be a big security issue.
Read this article about facebook sign-on with mvc: http://amirrajan.net/Blog/asp-mvc-and-facebook-single-sign-on[^]

Posted 12-Jun-12 8:48am

Zoltán Zörgő

Updated 12-Jun-12 8:49am

v2

Comments

saisne 12-Jun-12 15:54pm

@Zoltán Zörgő4 if I connect with a single account, the cookie is valide and works well : this.HttpContext.Request.IsAuthenticated return true. but if I link the two account : this.HttpContext.Request.IsAuthenticated return false
Thanks,

Zoltán Zörgő 13-Jun-12 3:02am

this.HttpContext.Request.IsAuthenticated value is provided by your asp.net authentication provider. How should this know about the third party authentication result?

saisne 13-Jun-12 4:15am

I am beginner in asp.net and cookie.
this.HttpContext.Request.IsAuthenticated: can detect if the user is already authenticated or not

Zoltán Zörgő 13-Jun-12 6:09am

This is far more complicated. It will not detect anything. All this is related to membership providers. You could need something like facebook memebrship provider

saisne 13-Jun-12 12:53pm

@Zoltán Zörgő can you give me an example to use the cookie in my website (global.asax, web.config and controller)
Thank you very much

Zoltán Zörgő 13-Jun-12 15:10pm

Cookies are set and consumed either on server side and client side. Here is a good article about them in MVC:
http://code-inside.de/blog-in/2010/10/19/howto-create-and-remove-cookies-with-asp-net-mvc/
and Javascript:
http://www.w3schools.com/js/js_cookies.asp
But I doubt this will bring you nearer. You need more than that. First of all more knowledge about http.