Branislav Abadjimarinov's technical blog

Branislav Abadjimarinov's technical blog - For January 2010

  1. Application Architecture Guide 2.0

    On CodePlex I found a very interesting book that is part of Microsoft Patterns and Practices: Application Architecture Guide 2.0 - http://www.codeplex.com/AppArchGuide . It covers various topics from the application architecture field, both Microsoft-specific and in general. The book is a must read for Microsoft application architects, developers and even IT staff. It will help you understand a lot of the terminology and the ideas behind application design. The chapters are short, informative and very well written. The book is one of the few good readings I've found about architectural design patterns. The lack of information in this area is one of the reasons for so much badly designed code in applications. I also think it would be awesome if we could create a university course on Application Architecture based on this book and other resources.

    Posted by Branislav Abadjimarinov on January 25 at 8:36 AM

  2. Renew User in the same Request in asp.net while using forms authentication with cookies

    In ASP.NET forms authentication the usual authentication flow goes like this:

    • a user submits his credentials;
    • they are validated against a database, web.config or another data source;
    • an authentication cookie is issued and added to the current response (which is not sent yet);
    • the cookie is sent along with the response;
    • on the next request from that user the cookie is decrypted and the current Security Principal is initialised with the ticket data.

    While this is good for most cases it has one flaw - immediately after the authentication cookie is issued, the current Security Principal for the request is outdated: it still reflects the anonymous state the request started with. You can check this with the following code:

    if(Membership.ValidateUser(userName, password))
    {
        FormsAuthentication.SetAuthCookie(userName, false);
        bool isAuthenticated = Request.IsAuthenticated; // isAuthenticated is false
    }

    This outcome is logical given the authentication flow, but sometimes it is confusing and can cause problems (for example, code later in the same request that checks Request.IsAuthenticated or User.IsInRole). A possible solution is to renew the information for the current Security Principal for the request. This can be done with the following code:

    public void RenewCurrentUser()
    {
      // SetAuthCookie adds the cookie to Response.Cookies; ASP.NET mirrors it into
      // Request.Cookies immediately, so it can be read back in the same request.
      System.Web.HttpCookie authCookie =
        System.Web.HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
      if (authCookie != null)
      {
        // Decrypt validates the MAC (machineKey) and throws if the cookie value
        // has been tampered with; an invalid cookie should not be silently trusted.
        FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);

        if (authTicket != null && !authTicket.Expired)
        {
          FormsAuthenticationTicket newAuthTicket = authTicket;

          // RenewTicketIfOld returns a fresh ticket only when more than half of
          // the timeout has elapsed; otherwise the original ticket is returned.
          if (FormsAuthentication.SlidingExpiration)
          {
            newAuthTicket = FormsAuthentication.RenewTicketIfOld(authTicket);
          }

          // Roles are expected as a comma-separated list in UserData. Note that
          // SetAuthCookie leaves UserData empty, so this yields a single empty role
          // unless the ticket was created with roles in UserData.
          string userData = newAuthTicket.UserData;
          string[] roles = userData.Split(',');

          // Replace the request's principal so Request.IsAuthenticated, User.Identity.Name
          // and User.IsInRole reflect the new ticket for the rest of this request.
          System.Web.HttpContext.Current.User =
            new System.Security.Principal.GenericPrincipal(new FormsIdentity(newAuthTicket), roles);
        }
      }
    }

    You can check that the solution works like this:

    if(Membership.ValidateUser(userName, password))
    {
        FormsAuthentication.SetAuthCookie(userName, false);
        bool isAuthenticated = Request.IsAuthenticated; // isAuthenticated is false
        RenewCurrentUser();
        isAuthenticated = Request.IsAuthenticated; // isAuthenticated is true
    }
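    The post's RenewCurrentUser() reads roles out of the ticket's UserData, but FormsAuthentication.SetAuthCookie() never fills UserData in. The following is an added example, not code from the original post, showing the issuing side of that pattern: it creates the ticket with the user's roles in UserData, writes the cookie with HttpOnly and Secure flags, and installs the principal for the current request directly from the ticket it just built, so there is no need to decrypt the cookie back out of the request. It assumes an ASP.NET application on .NET 4.0 or later with forms authentication and a role provider configured in web.config; FormsAuthHelper and LoginAndRenew are hypothetical names.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Added example (hypothetical helper, not part of the original post).
public static class FormsAuthHelper
{
    // Validates credentials, issues the forms authentication cookie with the
    // user's roles in UserData, and makes the new identity visible to the rest
    // of the current request. Returns the installed principal, or null when
    // validation fails.
    public static IPrincipal LoginAndRenew(string userName, string password, bool persistent)
    {
        if (!Membership.ValidateUser(userName, password))
            return null;

        // Roles come from the configured role provider, never from the request.
        string[] roles = Roles.Enabled ? Roles.GetRolesForUser(userName) : new string[0];

        DateTime issued = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1,                                       // ticket version
            userName,
            issued,
            issued.Add(FormsAuthentication.Timeout), // honours <forms timeout="..."> in web.config
            persistent,
            string.Join(",", roles),                 // the format RenewCurrentUser() splits on ','
            FormsAuthentication.FormsCookiePath);

        // Encrypt() both encrypts and MACs the ticket with the machineKey, so the
        // role list cannot be edited client-side without Decrypt() rejecting it.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                         // not readable from script
            Secure = FormsAuthentication.RequireSSL, // set requireSSL="true" in web.config for HTTPS-only
            Path = FormsAuthentication.FormsCookiePath
        };
        if (persistent)
            cookie.Expires = ticket.Expiration;

        HttpContext context = HttpContext.Current;
        context.Response.Cookies.Add(cookie);

        // Same effect as the post's RenewCurrentUser(): replace the request's
        // principal so Request.IsAuthenticated and User.IsInRole are correct now,
        // built from the ticket we already hold rather than re-decrypting the cookie.
        IPrincipal principal = new GenericPrincipal(new FormsIdentity(ticket), roles);
        context.User = principal;
        return principal;
    }
}
```

    Called from a login handler as FormsAuthHelper.LoginAndRenew(userName, password, false), a subsequent User.IsInRole("Admin") in the same request returns the role provider's answer, and on the next request the post's RenewCurrentUser() (or the standard FormsAuthenticationModule plus a role-aware principal) reads the same roles back from UserData.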

    Posted by Branislav Abadjimarinov on January 24 at 3:52 AM

© Copyright 2017 Powered by AtomSite 1.3.0.0