So, I’ve been working on an MVC cloud app for a while now. As I have worked mostly with forms-based authentication in the past, and decided to use my own membership provider (not the out-of-the-box provider), I continually had issues with obtaining user authentication and receiving user information in order to confirm proper authentication at the controller level.

Creating the cookie for authentication isn’t an issue. First (on login) we need to authenticate the user based upon the submitted values, and then we can set the cookie.

Code Snippet
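    // Seven-argument overload: version, name, issueDate, expiration, isPersistent, userData, cookiePath.
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, userString, DateTime.UtcNow, DateTime.UtcNow.AddMinutes(5), createPersistentCookie, string.Empty, FormsAuthentication.FormsCookiePath);
    // Encrypt the ticket and send it as the forms authentication cookie.
    string encTicket = FormsAuthentication.Encrypt(ticket);
    Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));

Comments on the above: 1 is the forms authentication ticket version; userString is a variable that contains the information you want to store in the ticket's name; the next two dates are the create date and the expiration date; the createPersistentCookie parameter is a boolean value that determines whether the cookie persists past the session; the empty string is the ticket's userData field, which has to be supplied so that the last argument is taken as the cookie path (in the six-argument overload the sixth argument is userData, not the path); and the last returns the location for the forms authentication cookie path.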
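The same ticket issued with the cookie attributes set explicitly, as an added example that is not code from the original post. `AuthCookieIssuer` and `Issue` are hypothetical names; the five-minute lifetime and the variable names are taken from the snippet above, and the helper assumes the credentials have already been validated by your membership provider.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper (not from the original post). Call it from the login
// action after the custom membership provider has accepted the credentials:
//     AuthCookieIssuer.Issue(Response, userString, createPersistentCookie);
public static class AuthCookieIssuer
{
    public static void Issue(HttpResponseBase response, string userString, bool createPersistentCookie)
    {
        if (response == null) throw new ArgumentNullException("response");
        if (string.IsNullOrEmpty(userString))
            throw new ArgumentException("A user name is required.", "userString");

        DateTime issued = DateTime.UtcNow;
        DateTime expires = issued.AddMinutes(5);   // lifetime used in the post

        var ticket = new FormsAuthenticationTicket(
            1, userString, issued, expires, createPersistentCookie,
            string.Empty,                          // userData (unused here)
            FormsAuthentication.FormsCookiePath);  // cookiePath

        string encTicket = FormsAuthentication.Encrypt(ticket);
        if (encTicket == null)
            throw new InvalidOperationException("Ticket encryption failed.");

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket)
        {
            HttpOnly = true,                          // keep the ticket away from script
            Secure = FormsAuthentication.RequireSSL,  // follows requireSSL in web.config
            Path = FormsAuthentication.FormsCookiePath
        };
        if (FormsAuthentication.CookieDomain != null)
            cookie.Domain = FormsAuthentication.CookieDomain;

        // The isPersistent flag lives inside the encrypted ticket; the browser
        // only keeps the cookie past the session if Expires is set on it.
        if (createPersistentCookie)
            cookie.Expires = expires;

        response.Cookies.Add(cookie);
    }
}
```

Setting `requireSSL="true"` on the `<forms>` element in web.config is what makes `FormsAuthentication.RequireSSL` return true here.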

There’s a lot of debate about where, specifically, user-level determination, authorization, and delivery should be handled, and how it should be tackled. I prefer to have my controller handle this, so understanding who the user is matters at that level. Identity is not populated within the controller until after initialization, which makes it tough to obtain this information without some hacking. Fortunately, I found a couple of solutions.

You can create a controller action that obtains this information and then passes it on to your other controllers as needed. Another option is to write a new controller that inherits from the Controller type and adds a username to it; any controller that needs this information can then derive from it and simply look the value up as a shared string (or whatever datatype you intend your identifier to be!). It is important to note that some types are not allowed to be null, so how you handle that situation in the else block is up to you, depending on the type.

Here’s the code:

Code Snippet
    public class UserAwareController : Controller
    {
        // Name from the forms authentication ticket, or null for anonymous requests.
        public String CurrentUser;

        protected override void Initialize(System.Web.Routing.RequestContext requestContext)
        {
            // The base call must run first; the request context is not available before it.
            base.Initialize(requestContext);

            if (requestContext.HttpContext.User.Identity.IsAuthenticated)
            {
                CurrentUser = requestContext.HttpContext.User.Identity.Name;
            }
            else
            {
                CurrentUser = null;
            }
        }
    }


Now, to obtain the user information you want (which can be changed in the Initialize method), you just need to reference the variable within the controller, just like a typical string.


Code Snippet
    public JsonResult _getUser()
    {
        return Json(CurrentUser);
    }


There are a lot of reasons to want this information on the controller, and this modification allows you to do it on the MVC side of things.

There isn’t a particular source I used for this; I looked at a LOT of posts over the last couple of days to determine which way was best for me and my needs on this application.