Facebook Connect & ASP.NET Forms Authentication - Timing/Cookie Problem

Here's what I have:

  • ASP.NET 4.0 Web Application
  • Forms Authentication (Cookie Based)

Here's what I'm trying to do:

  • Integrate with Facebook Connect (using the JavaScript & Graph APIs)
  • Provide a Single-Sign-On Service for my users (automatically log in users if they're logged in and connected to Facebook)

On every page there is a control which shows anonymous/logged in user details.

Here's the issue: On Page_PreRender of this user control (which is on every page, so consider this event being executed on every single page request), I attempt the auto-sign on based on the Facebook Authentication status (JavaScript API - Cookies).

If the sign on is successful, I log them in using FormsAuthentication.SetAuthCookie.

This is all working fine.

However, right after I do single sign on (literally the next line), I need to render out either the anonymous stuff (please sign in) or the authenticated user stuff (display name, etc). The problem is, the user isn't really "authenticated" to my site yet. To be "authenticated" to my site I do standard stuff (check the HttpContext.User.Identity.IsAuthenticated property).

I think it's not yet set to "true" because the Forms Auth cookie has been created, but that's in the response; the HttpContext.User.Identity.IsAuthenticated is based on the request at this point in time - am I right there?

So of course, it's showing the anonymous details even though the user is logged in.

When I refresh the page of course, the correct user details are shown.

So it's almost a timing issue. How can I auto-login a user (via FormsAuthentication.SetAuthCookie) ensuring the HttpContext.User.Identity.IsAuthenticated is true?

Maybe I'm doing the authentication/single-sign-on in the wrong place?

Or do I need to almost do a Response.Redirect to myself in order to refresh the cookies in the HTTP Request?

As you all know, the doco for Facebook Connect is scattered and minimal, so it's all a matter of piecing things together.

Any help would be appreciated...cheers!


Okay, I found the answer (and it was the answer that I hoped WOULDN'T be the answer).

As I predicted, FormsAuthentication.SetAuthCookie creates an authentication cookie in the HTTP Response Stream. But HttpContext.User.Identity.IsAuthenticated reads the HTTP Request Stream (which does not have the cookie).

So the solution is to programmatically refresh the page using Response.Redirect(this.Context.Request.RawUrl, true) (second parameter terminates current page execution) to reload the cookie in the HTTP Request.

This is why I guess we always have a Login.aspx page which sets the forms cookie then redirects somewhere, because by the time the redirect to "somewhere" happens, another request is made so the cookies are refreshed.

I'll probably put the Facebook Authorization stuff in a standalone .aspx page and do it the same way as regular forms auth.

Oh and the "refresh" idea was mentioned by a Microsoft Person here.
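
The redirect fix described in the answer above, as an added example that is not from the original post. `SsoSignIn`, `SignInAndReload` and the `sso` query-string marker are hypothetical names, and `verifiedUserName` is assumed to come from a server-side check of the Facebook session that is not shown here.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example. SsoSignIn, SignInAndReload and the "sso" marker are hypothetical names.
public static class SsoSignIn
{
    private const string Marker = "sso"; // constructed query-string flag

    // verifiedUserName: local account name for a Facebook session that has
    // already been verified on the server (assumption; that check is not shown).
    public static void SignInAndReload(HttpContext context, string verifiedUserName)
    {
        HttpRequest request = context.Request;

        // The auth cookie came in with this request, so User is already populated.
        if (context.User != null && context.User.Identity.IsAuthenticated)
            return;

        // Redirecting a POST would drop the form data; only reload plain GETs.
        if (!string.Equals(request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
            return;

        // We already redirected once and the request is still anonymous: the
        // browser did not return the cookie. Stop here instead of looping.
        if (request.QueryString[Marker] == "1")
            return;

        // Adds the ticket cookie to Response.Cookies only. context.User was built
        // from the request cookies earlier, so it stays anonymous for this request.
        FormsAuthentication.SetAuthCookie(verifiedUserName, false);

        // Reload the same local URL so the next request carries the cookie.
        string url = request.RawUrl;
        if (!url.StartsWith("/", StringComparison.Ordinal) ||
            url.StartsWith("//", StringComparison.Ordinal) ||
            url.StartsWith("/\\", StringComparison.Ordinal))
        {
            url = "/"; // keep the redirect target a single-slash local path
        }
        url += (url.IndexOf('?') >= 0 ? "&" : "?") + Marker + "=1";

        context.Response.Redirect(url, true); // true ends execution of the current page
    }
}
```

It can be called from the user control's Page_PreRender, as in the question, or from a standalone sign-on page as the answer suggests.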
