Store Role in Authenticated Cookies for SSO

Introduction

This blog explains how to customize Forms Authentication to store role information along with the username in the Forms Authentication cookie. Storing the role in the authentication cookie helps when we use SSO (Single Sign On) for authentication and the role value is used to authorize the user.

Description

I am working on SSO (Single Sign On) functionality with a disconnected architecture, with SSO across domains or sub domains. I have three sub domain web sites which share common authentication but are hosted at different places such as GoDaddy, BlueHost, Big Rocks etc. This system first requests valid authentication and then further processing is done. As all user info is stored on the main server, the other sub domains do not contain any information about users or roles. So I needed Single Sign On functionality with authentication as well as authorization, and finally I found this solution for the requirement. I will guide you through the internal structure of Forms Authentication and also customize the Forms Authentication cookie to store role or other information which is useful for SSO (Single Sign On) authentication as well as authorization.

    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2, // Ticket version
        username,
        DateTime.Now,                 // Cookie issue date
        DateTime.Now.AddMinutes(30),  // Expiry date
        isPersistent,                 // Whether the cookie is persistent
        userData,                     // Custom data: here we store the authenticated user's role
        FormsAuthentication.FormsCookiePath);
    // Encrypt the ticket.
    string encTicket = FormsAuthentication.Encrypt(ticket);
    // Create the cookie with the authenticated ticket.
    Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));

In the preceding code, once the user is successfully authenticated with valid credentials, we create a FormsAuthenticationTicket that stores the current user's role information. I have referenced the above code from MSDN. For more information you can visit this link.

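How do we access this role information during a request on another system?

    // Read the forms authentication cookie sent with the request.
    HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    // Decrypt takes the encrypted cookie value, not the cookie name.
    FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(authCookie.Value);
    String data = ticket.UserData;
    String[] roles = data.Split(','); // If you have stored multiple roles or values separated by commas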

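With the above code we can decrypt the authentication cookie and extract all the information we set, such as username, cookie issue date, expiry date, UserData etc. As we previously stored the role information in the userData property, we can retrieve the user's role value and check whether the user has valid access rights or not. Note that Decrypt only succeeds on a sub domain site that is configured with the same machineKey validation and decryption keys as the site that issued the ticket.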

Conclusion

In this blog we learned how to store role information with the username in the Forms Authentication cookie by customizing the forms authentication ticket. We can then use this custom field for SSO (Single Sign On) authentication and authorization in sub domain projects.