Store Role in Form Authentication Cookie for SSO Authorization



Introduction

This article explains how to customize Forms Authentication to store role information along with the username in the Forms Authentication cookie. Storing the role in the authentication cookie helps when we use SSO (Single Sign On) for authentication, because the role value can then be used to authorize the user.

Description

I am working on SSO (Single Sign On) functionality with a disconnected architecture: SSO for cross-domain or sub-domain sites. I have three sub-domain web sites which share common authentication but are hosted at different places like GoDaddy, BlueHost, Big Rocks etc. These systems first request valid authentication and then further processing is done. As all user info is stored on the main server, the other sub-domains do not contain any information about users or roles. So I needed Single Sign On functionality with authentication as well as authorization, and finally I found this solution for the requirement.

I will guide you through the internal structure of Forms Authentication and show how to customize the Forms Authentication cookie to store the role or other information that is useful for SSO authentication as well as authorization.


    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2, // Ticket version
        username,
        DateTime.Now,                 // Cookie issue date
        DateTime.Now.AddMinutes(30),  // Expiry date
        isPersistent,                 // Whether the cookie is persistent
        userData,                     // Custom data: here we store the current authenticated user's role
        FormsAuthentication.FormsCookiePath);

    // Encrypt the ticket.
    string encTicket = FormsAuthentication.Encrypt(ticket);

    // Create the cookie with the authenticated ticket.
    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
    authCookie.HttpOnly = true; // Keep the ticket out of reach of client-side script
    authCookie.Secure = FormsAuthentication.RequireSSL; // Follow the requireSSL setting in web.config
    Response.Cookies.Add(authCookie);

In the code above, once the user is successfully authenticated with valid credentials, we can create a FormsAuthenticationTicket that stores the current user's role information. I have referenced the above code from MSDN. For more information you can visit this link.

How do we access this role information when a request arrives at another system?


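    HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie == null) return; // No authentication cookie on this request
    // Decrypt the cookie's value (not the cookie's name).
    FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);
    String data = ticket.UserData;
    String[] roles = data.Split(','); // If you have stored multiple roles or data as comma-separated values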

With the code above we can decrypt the authentication cookie and extract all the information we set, such as the username, cookie issue date, expiry date and user data. Because we previously stored the role information in the UserData property, we can retrieve the user's role value and check whether the user has valid access rights or not.
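To make the retrieved roles usable for authorization on a sub-domain site, the ticket can be turned into a principal early in the request pipeline. The following is an added example, not code from the original article or from MSDN; the Global class name is illustrative, and it assumes every participating site is configured with the same machineKey and forms cookie name, since otherwise the other sites cannot decrypt or validate the ticket.

```csharp
// Added example: Global.asax.cs on a sub-domain site (class name is illustrative).
// Assumption: all sites share the same <machineKey> and forms cookie name.
using System;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
            return; // Anonymous request: nothing to attach.

        FormsAuthenticationTicket ticket;
        try
        {
            // Decrypt also validates the ticket's integrity when protection is "All".
            ticket = FormsAuthentication.Decrypt(authCookie.Value);
        }
        catch (ArgumentException) { return; }      // Malformed or tampered cookie value
        catch (CryptographicException) { return; } // Key mismatch or corrupted data
        catch (HttpException) { return; }          // Validation of the data failed

        // Fail closed: an expired or missing ticket is treated as anonymous.
        if (ticket == null || ticket.Expired)
            return;

        // UserData carries the comma-separated roles written at login.
        string[] roles = (ticket.UserData ?? string.Empty).Split(
            new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        for (int i = 0; i < roles.Length; i++)
            roles[i] = roles[i].Trim();

        // Attach identity and roles so User.IsInRole and role-based
        // authorization rules work for the rest of the request.
        Context.User = new GenericPrincipal(new FormsIdentity(ticket), roles);
    }
}
```

Because the roles travel inside the ticket, a role change on the main server only takes effect on the other sites when a new ticket is issued, so the 30-minute expiry also bounds how long a revoked role remains usable.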

Conclusion

In this article we learned how to store role information along with the username in the Forms Authentication cookie by customizing the Forms Authentication ticket. We can use this custom field for SSO (Single Sign On) authentication and authorization on sub-domain projects.
