W
William
I'm a little unclear on when exactly I would need to use
FormsAuthentication.Encrypt. If I have the cookie protection in the
web.config set to All (i.e. <forms loginUrl="login.aspx" protection="All">),
shouldn't my cookie already be encrypted and tamper-proof even if I don't
encrypt the authentication ticket using FormsAuthentication.Encrypt? What do
I gain by also using FormsAuthentication.Encrypt in addition to the the
web.config setting? Or is this more of a double-check than anything else?
FormsAuthentication.Encrypt. If I have the cookie protection in the
web.config set to All (i.e. <forms loginUrl="login.aspx" protection="All">),
shouldn't my cookie already be encrypted and tamper-proof even if I don't
encrypt the authentication ticket using FormsAuthentication.Encrypt? What do
I gain by also using FormsAuthentication.Encrypt in addition to the the
web.config setting? Or is this more of a double-check than anything else?