Hi.

I want to use Forms Authentication, cookieless.

The issue is setting the Authentication Ticket without using cookies (!)

That is, the authentication ticket (cookie) will not be a cookie but passed
around in the URL.

I know there are some resources relating to setting th eAuthentication
Ticket in a cookieless way, eg
[url]http://support.microsoft.com/default.aspx?scid=kb;%5bLN%5d;Q311568[/url] and
[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/mwsdk/html/mwcondesigningsecureapplications.asp[/url]
but none of these seem really satisfactory since they rely completely on the
mobile internet toolkit.

One can also bypass the MS user/identity/principal framework (eg
[url]http://www.codeproject.com/aspnet/cookieless.asp[/url]), and use Session
variable(s) instead to 'roll your own' login/authentication framework using
session variables and Global_AcquireRequestState in Glabal.asax (I would
extend this to do roles as well).

I want to know how to do the ASP.NET way of authentication (eg
[url]http://www.eggheadcafe.com/articles/20020906.asp[/url]), except in cookieless
mode.

But I don't feel I have found the right/best way to do cookieless forms
authentication. It's looking like doing it the
[url]http://www.codeproject.com/aspnet/cookieless.asp[/url] Session variable way is the
best bet for me at the moment.

Any ideas / suggestions?

Lauchlan M