I'm setting up mixed mode authentication in a C# web app. I set the AuthCookie in the WindowsAuthentication website and then try to redirect to the FormsAuthentication website. I think the cookie is in the correct path and everything because Context.Request.IsAuthenticated is true. Unfortunately, I keep getting redirected to the login page of the FormsAuthentication website as if I haven't set the AuthCookie. What is going on?
I'm not familiar with how authentication works in ASP.NET so please, explain it to me like I'm 5. Thanks, :)
edit: Here is the event in the Global.asax of the WindowsAuth site that makes the cookie. This site currently resides in the path /authentication "under" the FormsAuth site.
void Application_PostAuthenticateRequest(Object sender, EventArgs e) { WindowsIdentity ident = WindowsIdentity.GetCurrent(); WindowsPrincipal p = new WindowsPrincipal(ident); if (p.Identity.IsAuthenticated) { HttpCookie cookie = FormsAuthentication.GetAuthCookie(p.Identity.Name, false); FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value); // Store roles inside the Forms cookie. FormsAuthenticationTicket newTicket = new FormsAuthenticationTicket( ticket.Version, ticket.Name, ticket.IssueDate, ticket.Expiration, ticket.IsPersistent, "", ticket.CookiePath); string encTicket = FormsAuthentication.Encrypt(newTicket); Context.Response.Cookies.Add(new HttpCookie(".GWBTroubleTickets", encTicket)); } Response.Redirect("/employee/home.aspx"); }
The event may be called many times per page. - https://stackoverflow.com/a/5947309/57883 You don't have an
if/elsesurrounding theResponse.Redirect("/employee/home.aspx");Try using a custom attribute instead of this event