Authentication ticket, cookieless, forms authentication?

L

Lauchlan M

Hi.

I want to use Forms Authentication, cookieless.

The issue is setting the Authentication Ticket without using cookies (!)

That is, the authentication ticket (cookie) will not be a cookie but passed
around in the URL.

I know there are some resources relating to setting th eAuthentication
Ticket in a cookieless way, eg
http://support.microsoft.com/default.aspx?scid=kb;[LN];Q311568 and
http://msdn.microsoft.com/library/d...sdk/html/mwcondesigningsecureapplications.asp
but none of these seem really satisfactory since they rely completely on the
mobile internet toolkit.

One can also bypass the MS user/identity/principal framework (eg
http://www.codeproject.com/aspnet/cookieless.asp), and use Session
variable(s) instead to 'roll your own' login/authentication framework using
session variables and Global_AcquireRequestState in Glabal.asax (I would
extend this to do roles as well).

I want to know how to do the ASP.NET way of authentication (eg
http://www.eggheadcafe.com/articles/20020906.asp), except in cookieless
mode.

But I don't feel I have found the right/best way to do cookieless forms
authentication. It's looking like doing it the
http://www.codeproject.com/aspnet/cookieless.asp Session variable way is the
best bet for me at the moment.

Any ideas / suggestions?

Lauchlan M
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,733
Messages
2,569,440
Members
44,830
Latest member
ZADIva7383

Latest Threads

Top