System.Net.Cookie vs System.Web.Cookie -- asp.net security

william
4/14/2008 6:47:03 AM

Hi Dominick,

Thanks for your response.
I've tried to copying web.cookie to net.cookie, got error "The parameter
'{0}' cannot be an empty string.Parameter name: cookie.Domain". Here is my
code:

System.Net.Cookie cookie = new
System.Net.Cookie(Request.Cookies[".ASPXAUTH"].Name,
Request.Cookies[".ASPXAUTH"].Value, Request.Cookies[".ASPXAUTH"].Path,
Request.Cookies[".ASPXAUTH"].Domain);
System.Net.CookieContainer cookies = new
System.Net.CookieContainer();
cookies.Add(cookie); //error happens here

Any idea?

Thanks.

William
[quoted text, click to view]

william
4/14/2008 11:47:00 AM

Hi,

Acturally I'm looking for sharing authcookie between web applications and
web services. Both use Forms Authentication, and use .NET memberhsip
framework to authenticate user.
Senario 1. After user login to web application by providing user id and
password, create System.Net.Cookie by current web cookie, and assign this
cookie to web service's cookiecontainer, and call web service.
Senario 2. I have a login.asmx web service. From web application, make a
call to this web service to validate user, after successfully authenticated,
I can get authcookie. I want to use this cookie for further access pages
which are restricted only allow authenticated users.

Thanks.
William

[quoted text, click to view]

Dominick Baier
4/14/2008 7:08:21 PM

OK - this is possible.

Use your server name as a domain like "www.server.com"

if web app and service are in different vdirs / servers you also need to
sync the <machineKey /> element.

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

[quoted text, click to view]

Got something to say? Click here to post a reply to this thread.

Don't see what you're looking for? Try a search.

View other messages about asp.net security

asp.net security : System.Net.Cookie vs System.Web.Cookie