Forms authentication cookie - storing more than Identity

[DPritchard]

I'm going nuts trying to find a way to store a UserID within a FormsAuthentication cookie along side the users name.

I often store UserName and UserID in session objects when a user logs on. Of course these are lost once the session ends. Making the UserName persist between sessions is easy enough, but I can't for the life of me figure out how to customize this cookie to persist the UserID as well.

I've tried calling a sub from Application_AuthenticateRequest in global.asax that looks up the user (using user.Identity.Name) in my db, retriving the UserID and storing it in session, but I'm not having any luck with that either.

Any suggestions?

[Musician]

think this will work:-
dim cki as new httpcookie
cki("username") = username.text
cki("userid") = userid
cki.expires = date.today.addyears(20) 'or whatever
response.cookies.add(cki)

a cookie can be passed to forms authentication in this format too.

[DPritchard]

wow... I must have been trying too hard. I probably had 30+ lines of code in various locations and still couldn't get the job done.

Thanks Musician... I'll give it a shot asap!

[DPritchard]

Musician, You mention something about passing my data to Forms authentication as well? Could you elaborate on that? It's so hard finding documentation about this.

Thanks

[DPritchard]

ok... I've found a way to add the UserID to the Authentication Ticket. It's a long method of doing the same basic job, but it persists through the encrypted Authentication Ticket that's carried back between session.

Code:

    Private Sub btnLogin_Click()
        'AuthenticateUser() will check db against UN & PW and 
        'return UserID if found, or return empty string if
        'not found.

        Dim strUserID As String = AuthenticateUser(txtUN.Text, txtPW.Text)

        If strUserID <> "" Then

            'Create a new authentication ticket:
            Dim Ticket As New FormsAuthenticationTicket _
                (1, "UserName", DateTime.Now, DateTime.Now.AddYears(5), _
		chkPersist.Checked, strUserID)

            'Encrypt Ticket - just because we can:
            Dim EncryptedTicket As String = FormsAuthentication.Encrypt(Ticket)

            'Create a Cookie:
            Dim cki As New HttpCookie(FormsAuthentication.FormsCookieName, EncryptedTicket)

            'Write the cookie to the response:
            Response.Cookies.Add(cki)

            'Redirect User back to original URL:
            FormsAuthentication.GetRedirectUrl(txtUN.Text, chkPersist.Checked)
        Else
            lblLogInError.Visible = True
        End If

    End Sub

Now, next time they visit, assuming they checked the RememberMe checkbox, their UserID will already be available right along side their UserName.

To access the UserID:
lblUserID.Text = Ctype(User.Identity, FormsIdentity).Ticket.UserData