Reputation: 32400
How does IIS persist a user's identity from page to page in an ASP.net application?
Web pages are, by nature, state-less objects. When you click from page to page in an ASP.net application, each request for a page is treated as a brand-new request. We use things like cookies, session-variables, and query strings to maintain state from page to page.
When you log in to an ASP.net web application using Windows Authentication, how does IIS persist your identity between pages?
Upvotes: 2
Views: 246
Answers (3)
Reputation: 2327
Session is identified usually by a cookie (the 'session cookie') unless you set your app to be "cookieless", in which case the identifier is in the url.
http://msdn.microsoft.com/en-us/library/aa479314.aspx
Upvotes: 1
Reputation: 25268
The browser "helps out" in the case of domain authentication. Instead of asking you on every request, it remembers what you entered the first time and keeps re-sending it along with every request for that site.
Upvotes: 1
Reputation: 41858
If you use something like Fiddler2, or any other web proxy tool, you can look at the header and see that for Windows Integrated Authentication, it gets the domain/username from the header, so it is able to know who you are, and then it will probably be using a session to help keep state between pages.
Upvotes: 2
Related Questions
- ASP.NET Identity, persistent cookie - is something like this build in?
- How does IIS recognize different sessions in .NET?
- ASP.NET Identity regenerats Identity at each request
- ASP.NET User Identity
- How does ASP.NET WebAPI using IIS store my users authentication state?
- Persist user profile into cookie when using ASP.NET.Identity
- Where does HttpApplication.User.Identity get updated?
- How does FormsAuthentication persist sessions across request contexts and what information is persisted?
- Where does User.Identity data come from?
- What sets Page.User.Identity.Name