FormsAuthenticationTicket Class
TOC
Collapse the table of content
Expand the table of content

FormsAuthenticationTicket Class

 

Provides access to properties and values of the ticket used with forms authentication to identify users. This class cannot be inherited.

Namespace:   System.Web.Security
Assembly:  System.Web (in System.Web.dll)

System.Object
  System.Web.Security.FormsAuthenticationTicket

[SerializableAttribute]
public sealed class FormsAuthenticationTicket

NameDescription
System_CAPS_pubmethodFormsAuthenticationTicket(Int32, String, DateTime, DateTime, Boolean, String)

Initializes a new instance of the FormsAuthenticationTicket class with cookie name, version, expiration date, issue date, persistence, and user-specific data. The cookie path is set to the default value established in the application's configuration file.

System_CAPS_pubmethodFormsAuthenticationTicket(Int32, String, DateTime, DateTime, Boolean, String, String)

Initializes a new instance of the FormsAuthenticationTicket class with cookie name, version, directory path, issue date, expiration date, persistence, and user-defined data.

System_CAPS_pubmethodFormsAuthenticationTicket(String, Boolean, Int32)

Initializes a new instance of the FormsAuthenticationTicket class using a cookie name and expiration information.

NameDescription
System_CAPS_pubpropertyCookiePath

Gets the cookie path for the forms-authentication ticket.

System_CAPS_pubpropertyExpiration

Gets the local date and time at which the forms-authentication ticket expires.

System_CAPS_pubpropertyExpired

Gets a value indicating whether the forms-authentication ticket has expired.

System_CAPS_pubpropertyIsPersistent

Gets a value indicating whether the cookie that contains the forms-authentication ticket information is persistent.

System_CAPS_pubpropertyIssueDate

Gets the local date and time at which the forms-authentication ticket was originally issued.

System_CAPS_pubpropertyName

Gets the user name associated with the forms-authentication ticket.

System_CAPS_pubpropertyUserData

Gets a user-specific string stored with the ticket.

System_CAPS_pubpropertyVersion

Gets the version number of the ticket.

NameDescription
System_CAPS_pubmethodEquals(Object)

Determines whether the specified object is equal to the current object.(Inherited from Object.)

System_CAPS_pubmethodGetHashCode()

Serves as the default hash function. (Inherited from Object.)

System_CAPS_pubmethodGetType()

Gets the Type of the current instance.(Inherited from Object.)

System_CAPS_pubmethodToString()

Returns a string that represents the current object.(Inherited from Object.)

The FormsAuthenticationTicket class is used to create an object that represents the authentication ticket that is used by forms authentication to identify an authenticated user. The properties and values of a forms-authentication ticket are converted to and from an encrypted string that is stored in a cookie or in the URL.

The FormsAuthentication class provides an Encrypt method to create a string value that can be stored in a cookie or in the URL from a FormsAuthenticationTicket. The FormsAuthentication class also provides a Decrypt method to create a FormsAuthenticationTicket object from the encrypted authentication ticket retrieved from the forms-authentication cookie or the URL.

The FormsAuthenticationTicket for the current authenticated user can be accessed using the Ticket property of the FormsIdentity class. You can access the current FormsIdentity object by casting the Identity property of the current User as type FormsIdentity.

The following code example stores the result of the Encrypt method in a cookie using the FormsCookieName and redirects the user to the URL returned from the GetRedirectUrl method.

System_CAPS_security Security Note

This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

  private void Login_Click(Object sender, EventArgs e)
  {
    // Create a custom FormsAuthenticationTicket containing
    // application specific data for the user.

    string username     = UserNameTextBox.Text;
    string password     = UserPassTextBox.Text;
    bool   isPersistent = false;

    if (Membership.ValidateUser(username, password))
    {
      string userData = "ApplicationSpecific data for this user.";

      FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
        username,
        DateTime.Now,
        DateTime.Now.AddMinutes(30),
        isPersistent,
        userData,
        FormsAuthentication.FormsCookiePath);

      // Encrypt the ticket.
      string encTicket = FormsAuthentication.Encrypt(ticket);

      // Create the cookie.
      Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));

      // Redirect back to original URL.
      Response.Redirect(FormsAuthentication.GetRedirectUrl(username, isPersistent));
    }
    else
    {
      Msg.Text = "Login failed. Please check your user name and password and try again.";
    }
  }

</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
    <title>Forms Authentication Login</title>
</head>
<body>
    <form id="form1" runat="server">
        <span style="BACKGROUND: #80ff80; font-weight:bold"> 
            Login Page
        </span> 
        <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />
        <table border="0">
            <tbody>
                <tr>
                    <td>Username:</td>
                    <td><asp:TextBox id="UserNameTextBox" runat="server" /></td>
                    <td>
                      <asp:RequiredFieldValidator id="RequiredFieldValidator1" 
                                                  runat="server" ErrorMessage="*" 
                                                  Display="Static" 
                                                  ControlToValidate="UserNameTextBox" />
                    </td>
                </tr>
                <tr>
                    <td>Password:</td>
                    <td><asp:TextBox id="UserPassTextBox" TextMode="Password" runat="server" /></td>
                    <td>
                      <asp:RequiredFieldValidator id="RequiredFieldValidator2" 
                                                  runat="server" ErrorMessage="*" 
                                                  Display="Static" 
                                                  ControlToValidate="UserPassTextBox" />
                    </td>
                </tr>
            </tbody>
        </table>
        <input type="submit" value="Login" runat="server" onserverclick="Login_Click" />
    </form>
</body>
</html>

.NET Framework
Available since 1.1

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Return to top
Show:
© 2016 Microsoft