[Mono-aspnet-list] ASP.NET MVC 3 - Renewing authorization during a request works on Windows, but not on Linux/Mono

Carson carson7c at aol.com
Thu Sep 8 10:54:08 EDT 2011 


 

 Hi,
in an ASP.NET MVC 3 application I'm sending emails with an activation link to subscribers.

I want them to be logged in automatically after clicking the link when the activation was successful.
(I do not want to use redirect for several reasons (omitted for brevity))

The problem is that request authorization takes place at the beginning of a request, so when I set the Authorization Cookie 
 ( FormsAuthentication.SetAuthCookie(email, false); )
the authorization has already happened before that and the request isn't authorized and while technically being logged in a user get's the visual cue that he's not and even the link to the login-form gets rendered. 

On my Windows-development machine the solution from Branislav (code below)
http://stackoverflow.com/questions/2105391/how-to-set-request-isauthenticated-to-true-when-not-using-formsauthentication-red/2108227#2108227
works perfectly, but it doesn't work on Mono. (xsp4 & fastcgi-mono-server4)
The solution is calling RenewCurrentUser before returning the View.


1. It would be great if someone could tell me what I need to change in RenewCurrentUser so that it works on Mono as well.
2. Background info about the difference in behavior would also be very interesting.

Best regards,
Carson

    private void RenewCurrentUser()
    {
      System.Web.HttpCookie authCookie =
          System.Web.HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
      if (authCookie != null)
      {
        FormsAuthenticationTicket authTicket = null;
        authTicket = FormsAuthentication.Decrypt(authCookie.Value);

        if (authTicket != null && !authTicket.Expired)
        {
          FormsAuthenticationTicket newAuthTicket = authTicket;

          if (FormsAuthentication.SlidingExpiration)
          {
            newAuthTicket = FormsAuthentication.RenewTicketIfOld(authTicket);
          }
          string userData = newAuthTicket.UserData;
          string[] roles = userData.Split(',');

          System.Web.HttpContext.Current.User =
              new System.Security.Principal.GenericPrincipal(new FormsIdentity(newAuthTicket), roles);
        }
      }
    }


 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ximian.com/pipermail/mono-aspnet-list/attachments/20110908/04589c50/attachment.html

More information about the Mono-aspnet-list mailing list