Ask a Question related to ASP.NET Security, Design and Development.
-
Machi #1
Form Authentication with cookieless browser
This is a definition for Form Authentication from MSDN :
"The Forms authentication provider is an authentication
scheme that makes it possible for the application to
collect credentials using an HTML form directly from the
client. The client submits credentials directly to your
application code for authentication. If your application
authenticates the client, it issues a cookie to the client
that the client presents on subsequent requests. If a
request for a protected resource does not contain the
cookie, the application redirects the client to the logon
page."
My Question : If i want to use Form authentication but
client browsers does not support cookies (Since we do not
know whether particular users' browsers will support
cookie or not), when user tries to sign in to my page, how
actually ASP.NET works internally in order to support
cookieless browser??? Thanks
Machi Guest
-
mx 7 flash form The form data has expired, Please reloadthis page in your browser.
When i first go to any flash form on my CFMX 7 server i get the following message. The form data has expired, Please reload this page in your... -
Authentication and multiple browser session
Hi, I have discovered what I consider to be an annoyance at best and, in some scenarios, a security flaw. After browsing the news groups, I... -
authenticate win32 form client with form based authentication web services
(Type your message here) -------------------------------- From: kitchai yong Hi, Can you tell me how i authenticate the win32 form client... -
forms authentication, cookieless?
Hi. I want a login framework that uses the ASP.NET web.config / forms authentication security schema (including roles in principals etc), but... -
Authentication ticket, cookieless, forms authentication?
Hi. I want to use Forms Authentication, cookieless. The issue is setting the Authentication Ticket without using cookies (!) That is, the... -
Teemu Keiski #2 Re: Form Authentication with cookieless browser
Hi,
working without cookies with Forms Authentication needs bit custom work to
be done, namely you need to manually persist the forms authentication ticket
in the querystring.
The query string variable name needs to match the cookie name specified at
web.config for the forms authentication and the actual data is the encrypted
FormsAuthenticationTicket instance (result from FormsAuthentication.Encrypt
method)
One view to the subject and alternative solution is provided here as well:
[url]http://www.codeproject.com/aspnet/cookieless.asp[/url]
[url]http://www.dotnet247.com/247reference/msgs/18/92912.aspx[/url]
--
Teemu Keiski
MCP, Microsoft MVP (ASP.NET), AspInsiders member
ASP.NET Forum Moderator, AspAlliance Columnist
"Machi" <pangtatsean1977@yahoo.com> wrote in message
news:049501c396b0$c4ddda30$a301280a@phx.gbl...> This is a definition for Form Authentication from MSDN :
> "The Forms authentication provider is an authentication
> scheme that makes it possible for the application to
> collect credentials using an HTML form directly from the
> client. The client submits credentials directly to your
> application code for authentication. If your application
> authenticates the client, it issues a cookie to the client
> that the client presents on subsequent requests. If a
> request for a protected resource does not contain the
> cookie, the application redirects the client to the logon
> page."
> My Question : If i want to use Form authentication but
> client browsers does not support cookies (Since we do not
> know whether particular users' browsers will support
> cookie or not), when user tries to sign in to my page, how
> actually ASP.NET works internally in order to support
> cookieless browser??? Thanks
Teemu Keiski Guest
-
Machi #3 Re: Form Authentication with cookieless browser
Thank you very much.
bit custom work to>-----Original Message-----
>Hi,
>
>working without cookies with Forms Authentication needsauthentication ticket>be done, namely you need to manually persist the formsname specified at>in the querystring.
>
>The query string variable name needs to match the cookiedata is the encrypted>web.config for the forms authentication and the actualFormsAuthentication.Encrypt>FormsAuthenticationTicket instance (result fromprovided here as well:>method)
>
>One view to the subject and alternative solution isclient>[url]http://www.codeproject.com/aspnet/cookieless.asp[/url]
>[url]http://www.dotnet247.com/247reference/msgs/18/92912.aspx[/url]
>
>--
>Teemu Keiski
>MCP, Microsoft MVP (ASP.NET), AspInsiders member
>ASP.NET Forum Moderator, AspAlliance Columnist
>
>
>
>
>
>
>"Machi" <pangtatsean1977@yahoo.com> wrote in message
>news:049501c396b0$c4ddda30$a301280a@phx.gbl...>> This is a definition for Form Authentication from MSDN :
>> "The Forms authentication provider is an authentication
>> scheme that makes it possible for the application to
>> collect credentials using an HTML form directly from the
>> client. The client submits credentials directly to your
>> application code for authentication. If your application
>> authenticates the client, it issues a cookie to thelogon>> that the client presents on subsequent requests. If a
>> request for a protected resource does not contain the
>> cookie, the application redirects the client to thenot>> page."
>> My Question : If i want to use Form authentication but
>> client browsers does not support cookies (Since we dohow>> know whether particular users' browsers will support
>> cookie or not), when user tries to sign in to my page,>>> actually ASP.NET works internally in order to support
>> cookieless browser??? Thanks
>
>.
>Machi Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
