R
Randall Parker
Some questions on forms authentication:
1) Can one do one's own checking of username and password and totally bypass calling
FormsAuthentication.Authenticate?
2) does the "new FormsAuthenticationTicket" create a cookie?
3) Can one send the cookie back to the browser just by doing the new call on the
FormsAuthenticationTicket?
4) Does a session object contain nothing more than what is in the browser cookie?
5) Does the session object get created fresh from every forms submit using the
browser's cookie that ASP.Net requests from the browser on every page submit?
http://msdn.microsoft.com/library/d.../html/cpconformsauthenticationcredentials.asp
void SubmitBtn_Click(Object Source, EventArgs e)
{
// Pull credentials from form fields and try to authenticate.
if (FormsAuthentication.Authenticate(UserName.Value,
UserPassword.Value))
{
FormsAuthenticationTicket ticket = new
FormsAuthenticationTicket(UserName.Value, false, 5000);
FormsAuthentication.RedirectFromLoginPage(UserName.Value,
Persist.Checked);
}
}
1) Can one do one's own checking of username and password and totally bypass calling
FormsAuthentication.Authenticate?
2) does the "new FormsAuthenticationTicket" create a cookie?
3) Can one send the cookie back to the browser just by doing the new call on the
FormsAuthenticationTicket?
4) Does a session object contain nothing more than what is in the browser cookie?
5) Does the session object get created fresh from every forms submit using the
browser's cookie that ASP.Net requests from the browser on every page submit?
http://msdn.microsoft.com/library/d.../html/cpconformsauthenticationcredentials.asp
void SubmitBtn_Click(Object Source, EventArgs e)
{
// Pull credentials from form fields and try to authenticate.
if (FormsAuthentication.Authenticate(UserName.Value,
UserPassword.Value))
{
FormsAuthenticationTicket ticket = new
FormsAuthenticationTicket(UserName.Value, false, 5000);
FormsAuthentication.RedirectFromLoginPage(UserName.Value,
Persist.Checked);
}
}