How to set userdata in auth ticket and still support cookieless authentication?

[Peter Rilling]

Hi.

I am working on an ASP.NET application and would like to support cookieless
forms authentication. Now there is a FormsAuthentication.SetAuthCookie
which, as I can see using reflector, takes into account the cookieless
status and sets the ticket either in a cookie or the URL. I want to store
some user data in the ticket, but the SetAuthCookie does not have a
parameter for custom data. What should I do?

From looking at this, it looks like I have two alternatives:
1) Implement the cookie vs. URL saving myself (possibly reverse engineering
the SetAuthCookie method). The problem with this is the there seems to be a
lot of helper classes and stuff like CookielessHelperClass that are
internal.
2) Use reflection to get access to the internal methods and call them
directly. The problem with this is that if the internal system changes,
than my code will break, but at least I would not have to implement lots of
code to do what I want.

So, is there a third alternative that the framework exposes? I would like
there to be a method as simple as SetAuthCookie which lets me pass some
userdata.

 

[bruce barker \(sqlwork.com\)]

cookiess sessions use url encoding via url rewriting. you can use your own
url rewriting on top of the session.

-- bruce (sqlwork.com)