Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Form Authentication with cookieless browser

Reply
Thread Tools

Form Authentication with cookieless browser

 
 
Machi
Guest
Posts: n/a
 
      10-20-2003
This is a definition for Form Authentication from MSDN :
"The Forms authentication provider is an authentication
scheme that makes it possible for the application to
collect credentials using an HTML form directly from the
client. The client submits credentials directly to your
application code for authentication. If your application
authenticates the client, it issues a cookie to the client
that the client presents on subsequent requests. If a
request for a protected resource does not contain the
cookie, the application redirects the client to the logon
page."
My Question : If i want to use Form authentication but
client browsers does not support cookies (Since we do not
know whether particular users' browsers will support
cookie or not), when user tries to sign in to my page, how
actually ASP.NET works internally in order to support
cookieless browser??? Thanks
 
Reply With Quote
 
 
 
 
Teemu Keiski
Guest
Posts: n/a
 
      10-20-2003
Hi,

working without cookies with Forms Authentication needs bit custom work to
be done, namely you need to manually persist the forms authentication ticket
in the querystring.

The query string variable name needs to match the cookie name specified at
web.config for the forms authentication and the actual data is the encrypted
FormsAuthenticationTicket instance (result from FormsAuthentication.Encrypt
method)

One view to the subject and alternative solution is provided here as well:
http://www.codeproject.com/aspnet/cookieless.asp
http://www.dotnet247.com/247referenc.../18/92912.aspx

--
Teemu Keiski
MCP, Microsoft MVP (ASP.NET), AspInsiders member
ASP.NET Forum Moderator, AspAlliance Columnist






"Machi" <(E-Mail Removed)> wrote in message
news:049501c396b0$c4ddda30$(E-Mail Removed)...
> This is a definition for Form Authentication from MSDN :
> "The Forms authentication provider is an authentication
> scheme that makes it possible for the application to
> collect credentials using an HTML form directly from the
> client. The client submits credentials directly to your
> application code for authentication. If your application
> authenticates the client, it issues a cookie to the client
> that the client presents on subsequent requests. If a
> request for a protected resource does not contain the
> cookie, the application redirects the client to the logon
> page."
> My Question : If i want to use Form authentication but
> client browsers does not support cookies (Since we do not
> know whether particular users' browsers will support
> cookie or not), when user tries to sign in to my page, how
> actually ASP.NET works internally in order to support
> cookieless browser??? Thanks



 
Reply With Quote
 
 
 
 
Machi
Guest
Posts: n/a
 
      10-21-2003
Thank you very much.

>-----Original Message-----
>Hi,
>
>working without cookies with Forms Authentication needs

bit custom work to
>be done, namely you need to manually persist the forms

authentication ticket
>in the querystring.
>
>The query string variable name needs to match the cookie

name specified at
>web.config for the forms authentication and the actual

data is the encrypted
>FormsAuthenticationTicket instance (result from

FormsAuthentication.Encrypt
>method)
>
>One view to the subject and alternative solution is

provided here as well:
>http://www.codeproject.com/aspnet/cookieless.asp
>http://www.dotnet247.com/247referenc.../18/92912.aspx
>
>--
>Teemu Keiski
>MCP, Microsoft MVP (ASP.NET), AspInsiders member
>ASP.NET Forum Moderator, AspAlliance Columnist
>
>
>
>
>
>
>"Machi" <(E-Mail Removed)> wrote in message
>news:049501c396b0$c4ddda30$(E-Mail Removed)...
>> This is a definition for Form Authentication from MSDN :
>> "The Forms authentication provider is an authentication
>> scheme that makes it possible for the application to
>> collect credentials using an HTML form directly from the
>> client. The client submits credentials directly to your
>> application code for authentication. If your application
>> authenticates the client, it issues a cookie to the

client
>> that the client presents on subsequent requests. If a
>> request for a protected resource does not contain the
>> cookie, the application redirects the client to the

logon
>> page."
>> My Question : If i want to use Form authentication but
>> client browsers does not support cookies (Since we do

not
>> know whether particular users' browsers will support
>> cookie or not), when user tries to sign in to my page,

how
>> actually ASP.NET works internally in order to support
>> cookieless browser??? Thanks

>
>
>.
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
sessionState cookieless and forms cookieless ravisingh11@gmail.com ASP .Net 2 05-09-2006 11:26 PM
Cookieless Forms Authentication and Roles Mark Olbert ASP .Net 1 12-26-2005 09:51 AM
Re: Cookieless forms authentication in Asp.Net 1.0? Daniel Fisher\(lennybacon\) ASP .Net 0 11-30-2005 08:55 AM
Cookieless forms authentication in Asp.Net 1.0? Marcus ASP .Net 0 11-29-2005 05:26 PM
Authentication ticket, cookieless, forms authentication? Lauchlan M ASP .Net Security 0 10-01-2003 12:23 AM



Advertisments