Form Authentication with cookieless browser

Discussion in 'ASP .Net Security' started by Machi, Oct 20, 2003.

  1. Machi

    Machi Guest

    This is a definition for Form Authentication from MSDN :
    "The Forms authentication provider is an authentication
    scheme that makes it possible for the application to
    collect credentials using an HTML form directly from the
    client. The client submits credentials directly to your
    application code for authentication. If your application
    authenticates the client, it issues a cookie to the client
    that the client presents on subsequent requests. If a
    request for a protected resource does not contain the
    cookie, the application redirects the client to the logon
    page."
    My question: If I want to use Form authentication but
    client browsers do not support cookies (since we do not
    know whether particular users' browsers will support
    cookies or not), when a user tries to sign in to my page, how
    does ASP.NET actually work internally in order to support
    cookieless browsers? Thanks
     
    Machi, Oct 20, 2003
    #1

  2. Machi

    Teemu Keiski Guest

    Hi,

    Working without cookies with Forms Authentication needs a bit of custom work to
    be done, namely you need to manually persist the forms authentication ticket
    in the query string.

    The query string variable name needs to match the cookie name specified in
    web.config for the forms authentication, and the actual data is the encrypted
    FormsAuthenticationTicket instance (the result of the FormsAuthentication.Encrypt
    method).

    One view on the subject and an alternative solution are provided here as well:
    http://www.codeproject.com/aspnet/cookieless.asp
    http://www.dotnet247.com/247reference/msgs/18/92912.aspx

    --
    Teemu Keiski
    MCP, Microsoft MVP (ASP.NET), AspInsiders member
    ASP.NET Forum Moderator, AspAlliance Columnist

    Teemu Keiski, Oct 20, 2003
    #2
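A sketch of the approach described in the reply above, added here as an example; it is not code from the thread or from the linked articles. The class `CookielessPage` and its members are hypothetical names, and the code assumes, as the reply states, that the forms authentication module accepts the encrypted ticket from a query string variable named after the forms cookie.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Hypothetical base page; class and member names are illustrative.
public class CookielessPage : Page
{
    // Build the encrypted ticket value for a user who has just been authenticated.
    protected static string IssueTicket(string userName)
    {
        // Short lifetime: a ticket carried in the URL ends up in browser history,
        // proxy and server logs and Referer headers, so keep its replay window small.
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(10), false, String.Empty);
        return FormsAuthentication.Encrypt(ticket);
    }

    // Append the ticket under the forms cookie name configured in web.config.
    protected static string AppendTicket(string url, string encryptedTicket)
    {
        string separator = url.IndexOf('?') >= 0 ? "&" : "?";
        return url + separator + FormsAuthentication.FormsCookieName + "="
             + HttpUtility.UrlEncode(encryptedTicket);
    }

    // Use for every internal link and redirect so the ticket persists across requests.
    // Only pass application-local URLs, otherwise the ticket leaks to another site.
    protected string WithTicket(string localUrl)
    {
        string current = Request.QueryString[FormsAuthentication.FormsCookieName];
        return current == null ? localUrl : AppendTicket(localUrl, current);
    }

    // Call from the login button handler.
    protected void SignIn(string userName, string password, string landingUrl)
    {
        // FormsAuthentication.Authenticate checks the <credentials> section of
        // web.config; substitute the application's own credential check here.
        if (!FormsAuthentication.Authenticate(userName, password)) return;
        Response.Redirect(AppendTicket(landingUrl, IssueTicket(userName)));
    }
}
```

Serve such pages over HTTPS only, since anyone who observes the URL can replay the ticket until it expires.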

  3. Machi

    Machi Guest

    Thank you very much.

     
    Machi, Oct 21, 2003
    #3