Erik Porter's Blog

Life and Development at Microsoft and Other Technology Discussions

News

    ASP.NET Custom Authentication Problems

    Just wanted to post up something quickly so maybe someone searching won' go through the same silly mistakes I just made.  When doing your own custom authentication in ASP.NET all you really have to do is set the Cookie for the user yourself and in the AuthenticateRequest Method in the global.asax generate your own custom IPrincipal and set to to Context.User.  This works really great.  If you have all your pages inheriting from a BasePage Class already for templating or whatever, you can then just hide the User Property of the Page Class with your own IPrincipal and you can get all your custom fields in intellisense.

    Again, I say this works great...UNTIL you make a silly mistake and get a fun error like Object reference not set to an instance of an object from some internal authentication Methods or even better when all of a sudden, the user logs in, the cookie gets set and now it says there's an error in the config file on the authorization tag.  :(

    There are two cause that I found so far.  If you forget to pass in the IIdentity from the Authentication Ticket so basically your new IPrincipal's Identity Property returns Nothing (null) it will blow this error and there is basically nothing in the error to help you figure out why it's happening.  It's a stupid mistake and I shouldn't have made it, but I figure I can't be the only one that's ever gotten it!  ;)  The other case is that I setup a custom IHttpHandler to add the account name of the logged in customer into the url and have it redirect the request down to the actual page (like a virtual folder for each account, kind of like how "eporter" on weblogs.asp.net isn't really a real folder on the server).  This always worked fine until the user logged in and the cookie was set.  I found out that I had an extra forward slash ("/") in the url when I was calling PageParser.  It never seemed to care until the cookie was set and gives an error that has nothing to do with the problem.

    Hopefully I'm the only one that's ever made these dumb mistakes.  ;)

    Posted: Feb 25 2005, 12:40 PM by HumanCompiler | with 2 comment(s)
    Filed under: ,

    Comments

    Mohammed said:

    Could you share you Custom Authentication code?

    # March 2, 2007 5:28 PM

    Erik Porter's Blog : Re: ASP.NET Custom Authentication Problems said:

    PingBack from http://weblogs.asp.net/eporter/archive/2007/03/02/re-asp-net-custom-authentication-problems.aspx

    # March 2, 2007 6:39 PM