Monday, April 30, 2007

Custom Forms Authentication - Pass User Data using userData!

My last post shared some information on custom forms authentication. I was able to use the information I shared to create a custom authentication scenario where I didn't necessarily have a login form, but I was able to still centralize all authentication in my web application's Application_AuthenticateRequest module in the Global.asax code behind.

One of my struggles with this method, however, was my attempt to pass any supplemental User Data I may need for the user's web experience. In other words, if I need the user's customer number, where can I store this information? Well, you can store the user's data in userData!

This wasn't immediately apparent to me, as any examples I came across talked about storing "Roles" in the userData field, but from what I have gathered, it really is an open-ended field that you can store any supplemental data in.

So, when creating our FormsAuthenticationTicket, in two of our overloaded functions we have the ability to add userData. Here is one example:

FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(version, name, issueDate, expiration, isPersistent, userData, cookiePath);

So, when we create our ticket, and store it as a cookie, later we can retrieve the ticket from the cookie and make use of the userData property to get our user's data.

Finally, let's say we have a variety of information we want to store, such as customer number, address, and ZIP code. You can always just store this information as a delimited string:

Customer Number:12345678|Address:123 Foo Lane|ZIP Code:98765

Now, when you retrieve the authentication ticket, throw your delimited data into an array, parse the array into a Hashtable, and then request your information as you need it. (By the way, if the forms auth ticket code looks familiar, it's because I made use of Dr. Bromberg's example from my last post!)

//Requires: using System.Collections; using System.Web; using System.Web.Security;

//Get our user's identity
FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
//Get all user info from the Forms Auth Ticket
FormsAuthenticationTicket ticket = id.Ticket;
//Get our user data, from the UserData property of the Forms Auth Ticket
string userData = ticket.UserData;
//Our data in userData is pipe delimited, so split it into an array
string[] info = userData.Split('|');

//Create a new Hashtable to store our information
Hashtable ht = new Hashtable();
//Loop through our array
foreach (string s in info)
{
    //Split each string at the first ":" only, so a value containing ":" stays intact
    string[] splitme = s.Split(new char[] { ':' }, 2);
    //Skip entries that have no ":" (for example, when userData is empty)
    if (splitme.Length != 2) continue;
    //Now add our key/value pair to the Hashtable
    ht.Add(splitme[0], splitme[1]);
}

//Finally, our data is available to us as we need it!
string CustNum = ht["Customer Number"].ToString();
string CustAddress = ht["Address"].ToString();
string CustZIP = ht["ZIP Code"].ToString();
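The write side of the same round trip, as an added example that is not code from this post or from Dr. Bromberg's: it builds the delimited userData so that a "|" or ":" inside a value cannot break the parse, then issues the ticket as a cookie. UserDataCodec, TicketHelper and the 30-minute lifetime are assumptions made up for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.Security;

// Added example. UserDataCodec and TicketHelper are hypothetical names, not framework types.
public static class UserDataCodec
{
    // Percent-encode keys and values so '|' and ':' inside them cannot break the format.
    public static string Encode(IDictionary<string, string> fields)
    {
        List<string> parts = new List<string>();
        foreach (KeyValuePair<string, string> f in fields)
            parts.Add(Uri.EscapeDataString(f.Key) + ":" + Uri.EscapeDataString(f.Value ?? ""));
        return string.Join("|", parts.ToArray());
    }

    public static Dictionary<string, string> Decode(string userData)
    {
        Dictionary<string, string> result = new Dictionary<string, string>();
        if (string.IsNullOrEmpty(userData)) return result;
        foreach (string pair in userData.Split('|'))
        {
            string[] kv = pair.Split(new char[] { ':' }, 2);
            if (kv.Length != 2) continue;   // skip malformed entries instead of throwing
            result[Uri.UnescapeDataString(kv[0])] = Uri.UnescapeDataString(kv[1]);
        }
        return result;
    }
}

public static class TicketHelper
{
    // Call only after the user has been authenticated. 30 minutes is a constructed value.
    public static void IssueTicket(HttpResponse response, string name, IDictionary<string, string> fields)
    {
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, name, DateTime.Now, DateTime.Now.AddMinutes(30), false,
            UserDataCodec.Encode(fields), FormsAuthentication.FormsCookiePath);
        // Encrypt() applies the configured <forms protection="...">; the default, "All",
        // encrypts and validates the ticket. Keep userData small: it rides in every request.
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                           FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;                          // not readable from client script
        cookie.Secure = FormsAuthentication.RequireSSL;  // follow the site's requireSSL setting
        cookie.Path = FormsAuthentication.FormsCookiePath;
        response.Cookies.Add(cookie);
    }
}
```

On later requests, UserDataCodec.Decode(id.Ticket.UserData) returns the same fields as a dictionary.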


1 Comments:

At 10:55 AM , Blogger Adam Nofsinger said...

Thanks for this Eric! If I wasn't so busy right now, I'd subscribe to your blog!

I was looking all over the internet for a way to store custom user information in the Forms Authentication Ticket. In a previous web app, I had just stored the UserID and a couple of other fields in the Session after logging in, but this seemed like it lacked cohesion, and I thought forms authentication must have some way of handling this so that when the ticket expires, so does the information.

 
