6.9. Leveraging the UserData Property

I will start out by saying up front that you can only leverage the UserData property for applications that run in cookie mode. Although the constructor for creating a FormsAuthenticationTicket with user data is public, there is no publicly available API for setting an instance of a FormsAuthenticationTicket onto a URL. As a result, the only way that the UserData can be used is if authentication tickets are sent in cookies.

The nice aspect of the UserData property is that after you get custom data into the forms authentication ticket, the information is always there and available on all subsequent page requests. The problem in ASP.NET 1.1, ASP.NET 2.0 and ASP.NET 3.5 is that there is no single method that you can call wherein you supply both custom data for the UserData property and the username of the authenticated user. This oversight in ASP.NET 2.0 and ASP.NET 3.5 is somewhat unfortunate because I run across internal and external customers over and over again that need to store a few extra pieces of identification or personalization information after a user logs in. Storing this information in the forms authentication ticket is logical, and it can eliminate the need to cobble together custom caching mechanisms just to solve basic performance problems such as displaying a friendly first name and last name of a customer on every single web page.

So, how do you store extra information in a forms authentication ticket and then issue the ticket ...

Get Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.