September 5, 2008

[ASP.Net] Authentication ticket added manually by code could not be removed

When validating users in a custom authentication module or in .aspx code, we can manually add an authentication ticket to the response with code like the following:

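// Build a persistent ticket for the user name in `value` with a 10-minute timeout
FormsAuthenticationTicket fat = new FormsAuthenticationTicket(value, true, 10);
// Carry the encrypted ticket in a cookie named ".AUTHFORM"
HttpCookie cookie = new HttpCookie(".AUTHFORM");
cookie.Value = FormsAuthentication.Encrypt(fat);
cookie.Expires = fat.Expiration;
HttpContext.Current.Response.Cookies.Add(cookie);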

To remove the ticket once it is no longer needed, you may want to do it with:

FormsAuthentication.SignOut();
//or
HttpContext.Current.Response.Cookies.Remove(".AUTHFORM");

Although MSDN states that FormsAuthentication.SignOut() removes the forms-authentication ticket, you sadly realize that this does not seem to be true when dealing with a ticket created by code.



So to solve this, we simply set the cookie's expiration to Now.

HttpContext.Current.Response.Cookies[FormsAuthentication.FormsCookieName].Expires = System.DateTime.Now;

This expires the existing ticket.
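The issue and removal steps above as one pair of helpers (an added example, not code from the original post). `Response.Cookies.Remove()` only drops a cookie from the outgoing response and sends nothing to the browser, and both `SignOut()` and the fix above act on the cookie named `FormsAuthentication.FormsCookieName`, so the ticket has to be issued under that same name for either to reach it. The class and method names are hypothetical, and the sketch assumes the `<forms>` settings in web.config describe the cookie you want.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper; the class and method names are assumptions,
// not part of the original post or of ASP.NET.
public static class ManualFormsTicket
{
    // Build the cookie with the attributes a browser uses to identify it
    // (name, path, domain), taken from the <forms> configuration so that
    // issuing and revoking always address the same cookie.
    private static HttpCookie NewAuthCookie(string value, DateTime expires)
    {
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, value);
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.Secure = FormsAuthentication.RequireSSL;
        cookie.HttpOnly = true; // keep the ticket out of reach of page script
        cookie.Expires = expires;
        if (!string.IsNullOrEmpty(FormsAuthentication.CookieDomain))
        {
            cookie.Domain = FormsAuthentication.CookieDomain;
        }
        return cookie;
    }

    // Issue a persistent ticket under the configured forms cookie name.
    public static void Issue(HttpResponse response, string userName, int timeoutMinutes)
    {
        FormsAuthenticationTicket ticket =
            new FormsAuthenticationTicket(userName, true, timeoutMinutes);
        response.Cookies.Add(
            NewAuthCookie(FormsAuthentication.Encrypt(ticket), ticket.Expiration));
    }

    // Revoke the browser's copy: drop any pending copy from this response,
    // then send an empty cookie with the same name, path and domain and an
    // expiry in the past so the browser discards what it stored.
    public static void Revoke(HttpResponse response)
    {
        response.Cookies.Remove(FormsAuthentication.FormsCookieName);
        response.Cookies.Add(NewAuthCookie(string.Empty, DateTime.Now.AddYears(-1)));
    }
}
```

Expiring the cookie only removes the browser's copy; a ticket value that was copied elsewhere still decrypts and validates until its own expiration, so keep the ticket timeout short.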

September 3, 2008

[Remoting][.Net] The type initializer for 'System.Runtime.Remoting.Identity' threw an exception

When implementing a distributed system with .Net Remoting, we sometimes need to impersonate client users on the server side (the remoted object side). For details on how to set up the environment, please refer to this post.

The system worked fine until we moved to the staging environment. The biggest difference between the testing environment and the staging environment is that in staging, our web application resides on the web server and the remoting system is on the application server (both in the same domain).

When invoking a remote method, I got this error: The type initializer for 'System.Runtime.Remoting.Identity' threw an exception.

This occurs because the user being impersonated does not have the "Impersonate a client after authentication" and "Create global objects" privileges. To solve this, open the "Local Security Settings" tool on the remoting server (the application server), open "Local Policies/User Rights Assignment", double-click those 2 settings, and add the user who will be impersonated. (See the Microsoft Support article.)

When I did this, I got another error stating that "Keyset is not defined". The closest situation I found on the internet is this KBAlertz post. I did not check my CSP definitions since I never modified them, and I think they should not be named with multi-byte characters by system default, so I went back to my source code and found that this exception was thrown when I tried to create a new AppDomain.

I commented out those lines and the exception went away.

 

Need to dig further into what went wrong while creating the AppDomain.
