Authentication ticket, cookieless, forms authentication?

Discussion in 'ASP .Net Security' started by Lauchlan M, Oct 1, 2003.

  1. Lauchlan M

    Lauchlan M Guest

    Hi.

    I want to use Forms Authentication, cookieless.

    The issue is setting the Authentication Ticket without using cookies (!)

    That is, the authentication ticket (cookie) will not be a cookie but passed
    around in the URL.

    I know there are some resources relating to setting th eAuthentication
    Ticket in a cookieless way, eg
    http://support.microsoft.com/default.aspx?scid=kb;[LN];Q311568 and
    http://msdn.microsoft.com/library/d...sdk/html/mwcondesigningsecureapplications.asp
    but none of these seem really satisfactory since they rely completely on the
    mobile internet toolkit.

    One can also bypass the MS user/identity/principal framework (eg
    http://www.codeproject.com/aspnet/cookieless.asp), and use Session
    variable(s) instead to 'roll your own' login/authentication framework using
    session variables and Global_AcquireRequestState in Glabal.asax (I would
    extend this to do roles as well).

    I want to know how to do the ASP.NET way of authentication (eg
    http://www.eggheadcafe.com/articles/20020906.asp), except in cookieless
    mode.

    But I don't feel I have found the right/best way to do cookieless forms
    authentication. It's looking like doing it the
    http://www.codeproject.com/aspnet/cookieless.asp Session variable way is the
    best bet for me at the moment.

    Any ideas / suggestions?

    Lauchlan M
     
    Lauchlan M, Oct 1, 2003
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.