CODEWITHSUNDEEP
asp.netforms-authentication
user274364
user274364

Reputation: 1857

Cookie and Authentication -ASP.net

When i disable cookie at browser level will 'Form authentication' still work ?.If not,What is the alternative that enables the 'From Authentication' ?

Upvotes: 1

Views: 2110

Answers (3)

Popoola Oluwaseun Kirchoff
Popoola Oluwaseun Kirchoff

Reputation: 98

Forms Authentication works with "UseCookies" as shown below:

<configuration>
    <system.web>
        <authentication mode="Forms">
            <forms name="MyApp" loginUrl="/login.aspx" cookieless="UseCookies">
            </forms>
        </authentication>
    </system.web>
</configuration>

You can enforce cookie enabling on the client's browser by detecting if cookies are enabled or not and reporting the necessary error before any execution is carried out.

Upvotes: 1

womp
womp

Reputation: 116977

Forms Authentication can still work as long as you have not set the "cookieless" parameter of the forms element in your web.config file to "UseCookies".

All of the other options, including the default of "UseDeviceProfile", means that FormsAuthentication will work with or without cookies enabled on the browser.

<configuration>
   <system.web>
   <authentication mode="Forms">
      <forms 
      name="MyApp" 
      loginUrl="/login.aspx"
      cookieless="UseDeviceProfile">   // <-- don't set this to "UseCookies" 
      </forms>
   </authentication>
   </system.web>
</configuration>

Upvotes: 2

yamspog
yamspog

Reputation: 18343

yes, forms authentication can work when cookies are disabled. you need to update web.config to handle this situation. if cookies are disabled then the security token is passed through the query string.

take a look at the following tutorial for all the dirt of forms authentication: http://www.asp.net/learn/security/?lang=cs

Upvotes: 3

Related Questions