L
Lauchlan M
Hi.
I want to use Forms Authentication, cookieless.
The issue is setting the Authentication Ticket without using cookies (!)
That is, the authentication ticket (cookie) will not be a cookie but passed
around in the URL.
I know there are some resources relating to setting th eAuthentication
Ticket in a cookieless way, eg
http://support.microsoft.com/default.aspx?scid=kb;[LN];Q311568 and
http://msdn.microsoft.com/library/d...sdk/html/mwcondesigningsecureapplications.asp
but none of these seem really satisfactory since they rely completely on the
mobile internet toolkit.
One can also bypass the MS user/identity/principal framework (eg
http://www.codeproject.com/aspnet/cookieless.asp), and use Session
variable(s) instead to 'roll your own' login/authentication framework using
session variables and Global_AcquireRequestState in Glabal.asax (I would
extend this to do roles as well).
I want to know how to do the ASP.NET way of authentication (eg
http://www.eggheadcafe.com/articles/20020906.asp), except in cookieless
mode.
But I don't feel I have found the right/best way to do cookieless forms
authentication. It's looking like doing it the
http://www.codeproject.com/aspnet/cookieless.asp Session variable way is the
best bet for me at the moment.
Any ideas / suggestions?
Lauchlan M
I want to use Forms Authentication, cookieless.
The issue is setting the Authentication Ticket without using cookies (!)
That is, the authentication ticket (cookie) will not be a cookie but passed
around in the URL.
I know there are some resources relating to setting th eAuthentication
Ticket in a cookieless way, eg
http://support.microsoft.com/default.aspx?scid=kb;[LN];Q311568 and
http://msdn.microsoft.com/library/d...sdk/html/mwcondesigningsecureapplications.asp
but none of these seem really satisfactory since they rely completely on the
mobile internet toolkit.
One can also bypass the MS user/identity/principal framework (eg
http://www.codeproject.com/aspnet/cookieless.asp), and use Session
variable(s) instead to 'roll your own' login/authentication framework using
session variables and Global_AcquireRequestState in Glabal.asax (I would
extend this to do roles as well).
I want to know how to do the ASP.NET way of authentication (eg
http://www.eggheadcafe.com/articles/20020906.asp), except in cookieless
mode.
But I don't feel I have found the right/best way to do cookieless forms
authentication. It's looking like doing it the
http://www.codeproject.com/aspnet/cookieless.asp Session variable way is the
best bet for me at the moment.
Any ideas / suggestions?
Lauchlan M