FormsIdentity Class (System.Web.Security)

Switch on low bandwidth view

Collapse All

Language Filter

This page is specific to

Microsoft Visual Studio 2008/.NET Framework 3.5

Other versions are also available for the following:

.NET Framework Class Library

FormsIdentity Class

Represents a user identity authenticated using forms authentication. This class cannot be inherited.

Namespace: System.Web.Security
Assembly: System.Web (in System.Web.dll)

Syntax

Visual Basic (Declaration)

<SerializableAttribute> _
<AspNetHostingPermissionAttribute(SecurityAction.LinkDemand, Level := AspNetHostingPermissionLevel.Minimal)> _
Public NotInheritable Class FormsIdentity _
    Implements IIdentity

Visual Basic (Usage)

Dim instance As FormsIdentity

[SerializableAttribute]
[AspNetHostingPermissionAttribute(SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
public sealed class FormsIdentity : IIdentity

Visual C++

[SerializableAttribute]
[AspNetHostingPermissionAttribute(SecurityAction::LinkDemand, Level = AspNetHostingPermissionLevel::Minimal)]
public ref class FormsIdentity sealed : IIdentity

JScript

public final class FormsIdentity implements IIdentity

Remarks

The FormsIdentity class is used by the FormsAuthenticationModule when a user is authenticated with forms authentication. An instance of the FormsIdentity class is created using the FormsAuthenticationTicket that is decrypted from the forms-authentication cookie or from the URL. The new instance of the FormsIdentity class is used to construct a new GenericPrincipal object that is set as the value of the User property for the current HttpContext.

Examples

The following code example generates a FormsAuthenticationTicket and then uses it to create an instance of the FormsIdentity class, based on whether the user supplies the correct user name and password on the form.

Visual Basic

<%@ Page Language="vb" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<%@ Import Namespace="System.Globalization" %>
<script runat="server">
    Private Sub Login_Click(ByVal sender As System.Object, _
        ByVal e As System.EventArgs) Handles Login.Click

        ' For the example, the user name must be "UserName" and the password
        ' must be "Password" for authentication to succeed.
        Dim isAuthenticated As Boolean
        If String.Compare(UserNameTextBox.Text, "UserName", True, _
            CultureInfo.InvariantCulture) = 0 Then
            If String.Compare(PasswordTextBox.Text, "Password", True, _
                CultureInfo.InvariantCulture) = 0 Then
                isAuthenticated = True
            End If
        Else
            isAuthenticated = False
        End If

        ' Create the FormsIdentity for the user.
        CreateFormsIdentity(UserNameTextBox.Text, isAuthenticated)

    End Sub

    Private Sub CreateFormsIdentity(ByVal userName As String, _
        ByVal isAuthenticated As Boolean)

        Dim formsId As System.Web.Security.FormsIdentity
        Dim authenticationTicket As _
            System.Web.Security.FormsAuthenticationTicket

        If isAuthenticated Then
            ' If authentication passed, create a ticket 
            ' as a Manager that expires in 15 minutes.
            authenticationTicket = _
                New FormsAuthenticationTicket(1, userName, DateTime.Now, _
                DateTime.Now.AddMinutes(15), False, "Manager")
        Else
            ' If authentication failed, create a ticket 
            ' as a guest that expired 5 minutes ago.
            authenticationTicket = _
                New FormsAuthenticationTicket(1, userName, DateTime.Now, _
                DateTime.Now.Subtract(New TimeSpan(0, 5, 0)), False, "Guest")
        End If

        ' Create form identity from FormsAuthenticationTicket.
        formsId = New FormsIdentity(authenticationTicket)

        Response.Clear()
        Response.Write("Authenticate Type: " & _
            formsId.AuthenticationType & "<BR>")

        ' Get FormsAuthenticationTicket from the FormIdentity
        Dim ticket As FormsAuthenticationTicket = formsId.Ticket()
        If ticket.Expired Then
            Response.Write("Authentication failed, so the role is set to " & _
                ticket.UserData)
        Else
            Response.Write("Authentication succeeded, so the role is set to " & _
                ticket.UserData)
        End If
    End Sub

</script>
<html  >
    <head>
        <title>WebForm1</title>
    </head>
    <body>
        <form id="Form1" method="post" runat="server">
            <asp:Label id="UserIdLabel" runat="server"
                style="left: 144px; position: absolute; top: 160px">
                User-ID:</asp:Label>
            <asp:Label id="PasswordLabel" runat="server"
                style="left: 144px; position: absolute; top: 200px">
                Password:</asp:Label>
            <asp:TextBox id="UserNameTextBox" runat="server"
                style="left: 232px; position: absolute; top: 160px;
                width:182px; height:22px"></asp:TextBox>
            <asp:TextBox id="PasswordTextBox" runat="server"
                style="left: 232px; position: absolute; top: 200px;
                width:181px; height:22px" TextMode="Password">
                </asp:TextBox>
            <asp:Button id="Login" runat="server" Text="Login"
                style="left: 232px; position: absolute; top: 232px; 
                width:100px"></asp:Button>
        </form>
    </body>
</html>

<%@ Page Language="C#" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<%@ Import Namespace="System.Globalization" %>
<%@ Import Namespace="System.Web.Security" %>
<script runat="server">
    protected void Login_Click(object sender, EventArgs e)
    {
        bool isAuthenticated = false;
        if (string.Compare(UserNameTextBox.Text, "UserName", true,
        CultureInfo.InvariantCulture) == 0)
        {
            if (string.Compare(PasswordTextBox.Text, "Password", true,
            CultureInfo.InvariantCulture) == 0)
            {
                isAuthenticated = true;
            }
        }
        else isAuthenticated = false;

        // Create the formsIdentity for the user.
        CreateformsIdentity(UserNameTextBox.Text, isAuthenticated);
    }
    private void CreateformsIdentity(string userName, bool isAuthenticated)
    {
        FormsIdentity formsID;
        FormsAuthenticationTicket authenticationTicket;

        if (isAuthenticated)
        {
            // If authentication passed, create a ticket 
            // as a Manager that expires in 15 minutes.
            authenticationTicket = new FormsAuthenticationTicket(1, userName,
                DateTime.Now, DateTime.Now.AddMinutes(15), false, "Manager");
        }
        else
        {
            // If authentication failed, create a ticket 
            // as a guest that expired 5 minutes ago.
            authenticationTicket = new FormsAuthenticationTicket(1, userName,
                DateTime.Now, DateTime.Now.Subtract(new TimeSpan(0, 5, 0)),
                false, "Guest");
        }

        // Create form identity from FormsAuthenticationTicket.
        formsID = new FormsIdentity(authenticationTicket);
        Response.Clear();
        Response.Write("Authentication Type: " + formsID.AuthenticationType +
            "<BR>");

        // Get FormsAuthenticationTicket from the FormIdentity
        FormsAuthenticationTicket ticket = formsID.Ticket;
        if (ticket.Expired)
        {
            Response.Write("Authentication failed, so the role is set to " +
                ticket.UserData);
        }
        else
        {
            Response.Write("Authentication succeeded, so the role is set to " +
                ticket.UserData);
        }
    }
</script>
<html  >
    <head>
        <title>WebForm1</title>
    </head>
    <body>
        <form id="Form1" method="post" runat="server">
            <asp:Label id="UserIdLabel" runat="server"
                style="left: 144px; position: absolute; top: 160px">
                User-ID:</asp:Label>
            <asp:Label id="PasswordLabel" runat="server"
                style="left: 144px; position: absolute; top: 200px">
                Password:</asp:Label>
            <asp:TextBox id="UserNameTextBox" runat="server"
                style="left: 232px; position: absolute; top: 160px;
                width:182px; height:22px"></asp:TextBox>
            <asp:TextBox id="PasswordTextBox" runat="server"
                style="left: 232px; position: absolute; top: 200px;
                width:181px; height:22px" TextMode="Password">
                </asp:TextBox>
            <asp:Button id="Login" runat="server" Text="Login"
                style="left: 232px; position: absolute; top: 232px; 
                width:100px" OnClick="Login_Click"></asp:Button>
        </form>
    </body>
</html>

.NET Framework Security

AspNetHostingPermission
for using the FormsIdentity class in a hosted environment. Demand value: LinkDemand; Permission value: Minimal.

Inheritance Hierarchy

System..::.Object
System.Web.Security..::.FormsIdentity

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Platforms

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Version Information

.NET Framework

Supported in: 3.5, 3.0, 2.0, 1.1, 1.0

Reference

FormsIdentity Members

System.Web.Security Namespace

Other Resources

Forms Authentication Provider