
Extend forms authentication to use a custom http header for ticket


I have a wcf webhttp service which uses forms authentication to authenticate users. This works fine if the ticket comes in the cookie collection or in the url.

But now I want to send the string of the forms auth ticket in a custom http header and change the forms auth module to check for that header instead of the cookie.

I think it should be easy to extend forms auth to achieve this, but could not find any resources on how to. Can you point me in the right direction?

Here's how my authentication flow would work:

  1. A client calls the authenticate method with the username and pwd
  2. Service returns the encrypted ticket string
  3. Client sends the received ticket string in an HTTP header with every subsequent request
  4. Service checks for auth header and validates the auth ticket

Solution

  • FormAuthentication module is not extendible, but you could write your own authentication. It is very simple:

    Authentication(2):

    
    var formsTicket = new FormsAuthenticationTicket(
        1, login, DateTime.Now, DateTime.Now.AddYears(1), persistent, String.Empty);
    var encryptedFormsTicket = FormsAuthentication.Encrypt(formsTicket);
    //return encryptedFormsTicket string to client
    

    Service call with attached ticket(4):

    
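    var ticket = FormsAuthentication.Decrypt(encryptedFormsTicket);
    // Decrypt does not reject expired tickets, so check expiry before trusting the ticket
    if (ticket == null || ticket.Expired) { /* reject the request as unauthenticated */ }
    //extract authentication info from ticket: ticket.Name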