CreatingCookieEventArgs.CustomCredential Property

Reference

Definition

Namespace:: System.Web.ApplicationServices

Assembly:: System.Web.Extensions.dll

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Gets additional authentication values that are provided by the user.

public:
 property System::String ^ CustomCredential { System::String ^ get(); };

public string CustomCredential { get; }

member this.CustomCredential : string

Public ReadOnly Property CustomCredential As String

Property Value

String

The custom values required for authentication, other than user name and password.

Examples

The following example shows an event handler for the CreatingCookie event. The handler retrieves user values from the CreatingCookieEventArgs object in order to customize the authentication cookie. The value passed in the CustomCredential property is stored in the UserData property of the forms authentication ticket.

Note

Store the CustomCredential property in a cookie only when you know that the data in the property is not sensitive. Malicious users can access the values in the cookie.

void AuthenticationService_CreatingCookie(object sender, 
    System.Web.ApplicationServices.CreatingCookieEventArgs e)
{
    FormsAuthenticationTicket ticket = new
          FormsAuthenticationTicket
            (1,
             e.UserName,
             DateTime.Now,
             DateTime.Now.AddMinutes(30),
             e.IsPersistent,
             e.CustomCredential,
             FormsAuthentication.FormsCookiePath);

    string encryptedTicket =
         FormsAuthentication.Encrypt(ticket);

    HttpCookie cookie = new HttpCookie
         (FormsAuthentication.FormsCookieName,
          encryptedTicket);
    cookie.Expires = DateTime.Now.AddMinutes(30);

    HttpContext.Current.Response.Cookies.Add(cookie);
    e.CookieIsSet = true;
}

Sub AuthenticationService_CreatingCookie(ByVal sender As Object, _
                 ByVal e As System.Web.ApplicationServices.CreatingCookieEventArgs)
    Dim ticket As FormsAuthenticationTicket = New _
       FormsAuthenticationTicket _
        (1, _
         e.Username, _
         DateTime.Now, _
         DateTime.Now.AddMinutes(30), _
         e.IsPersistent, _
         e.CustomCredential, _
         FormsAuthentication.FormsCookiePath)
        
    Dim encryptedTicket As String = FormsAuthentication.Encrypt(ticket)
    
    Dim cookie As HttpCookie = New _
        HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
    cookie.Expires = DateTime.Now.AddMinutes(30)
    
    HttpContext.Current.Response.Cookies.Add(cookie)
    e.CookieIsSet = True
End Sub

Remarks

You use the CustomCredential property to retrieve custom values in the authentication ticket. The CustomCredential property contains the value passed to the Login method. Typically, this property is used to pass custom values that must be validated with the user name and password, such as an identification number. If more than one value is stored in the property, you must parse the CustomCredential property in order to retrieve values.

Applies to