cookies/forms authentication

Discussion in 'ASP .Net' started by Brian Shannon, Aug 3, 2004.

  1. Currently I manage user login for our intranet through session variables. I
    am in the process of converting this to forms authentication using a sql2000
    DB.

    I have a few users that need there machine a little more secure than others
    for EDI purposes and can't accept cookies. Is there something that can be
    done for situitions like this. Still use forms authentication but the
    browser doesn't accept cookies.

    As of now there are only 3 individuals who's browsers wont accept cookies.

    Thanks for any suggestions.
     
    Brian Shannon, Aug 3, 2004
    #1
    1. Advertising

  2. I have not tested this approach out myself, but this article speaks to your
    scenario:

    http://www.codeproject.com/aspnet/cookieless.asp

    Jeffrey Hasan, MCSD
    President, Bluestone Partners, Inc.
    -----------------------------------------------
    Author of: Expert SOA in C# Using WSE 2.0 (APress, 2004)
    http://www.bluestonepartners.com/soa.aspx

    "Brian Shannon" <> wrote in message
    news:#MW$$...
    > Currently I manage user login for our intranet through session variables.

    I
    > am in the process of converting this to forms authentication using a

    sql2000
    > DB.
    >
    > I have a few users that need there machine a little more secure than

    others
    > for EDI purposes and can't accept cookies. Is there something that can be
    > done for situitions like this. Still use forms authentication but the
    > browser doesn't accept cookies.
    >
    > As of now there are only 3 individuals who's browsers wont accept cookies.
    >
    > Thanks for any suggestions.
    >
    >
     
    Jeffrey Hasan, Aug 3, 2004
    #2
    1. Advertising

  3. Brian Shannon

    Guest Guest

    Your statement that their computers cannot accept cookies
    is not entirely clear.

    Has cookies been entirely disabled on their machines? Or
    is it simply that you cannot use cookies for your
    application?

    If it is the case that the cookies are still enabled, then
    you could encrypt the forms authentication cookie before
    sending it to the client.

    Here is an example:
    http://support.microsoft.com/default.aspx?scid=kb;en-
    us;q301240

    If the forms are entirely disabled on the client machines,
    then you are pretty much stuck with the session variable
    (or at least the session ID as a key).

    Hope that helps.

    ~Chuck
     
    Guest, Aug 3, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Scott
    Replies:
    1
    Views:
    2,535
    Rajesh.V
    Oct 16, 2003
  2. Joey Powell

    Forms Authentication Cookies Never Expire

    Joey Powell, Dec 4, 2003, in forum: ASP .Net
    Replies:
    2
    Views:
    6,941
    Mike Moore [MSFT]
    Dec 4, 2003
  3. Eric
    Replies:
    2
    Views:
    1,498
    Tommy
    Feb 13, 2004
  4. _Who
    Replies:
    7
    Views:
    2,687
  5. Eric
    Replies:
    2
    Views:
    562
Loading...

Share This Page