Our ASP.NET website is using FormAuthentication. After login success, it will add a cookie to client side. Here is the code.
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
username,
DateTime.Now,
expiration,
remember,
roles,
FormsAuthentication.FormsCookieName);
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
Response.Cookies.Add(authCookie);
Then I can see that a cookie with name .ASPXAUTH is created in client browser. Next time, when I visit the website, I can see that HttpContext.Current.Request.IsAuthenticated is marked into true automatically. I guess ASP.NET decrypt the cookie and get the user information.
How can I debug this process? I want to see the source code to find out how HttpContext.Current.Request.IsAuthenticated is assgined into true.