2

May be my question is crazy.

1) ASP.net MVC is stateless, so there is no session involved in here.

How does the authentication module work and do you have any articles which you can point me to understand the Authentication basics.

What are the authentication information stored in.

[Novice MVC]

smartcaveman
  • 41,281
  • 29
  • 127
  • 212
bhushanvinay
  • 449
  • 1
  • 5
  • 21
  • What do you mean by "there is no session involved"? Maybe you are confusing session state with view state – the latter is a concept available only in ASP.NET Forms. – Jørn Schou-Rode Mar 10 '11 at 11:52

3 Answers3

5

The web is stateless. Both ASP.NET and ASP.NET MVC have mechanisms for creating an application state. Advocates of MVC like that it provides the developer with more control over how state is managed and how requests affect the managed state than Web Forms. Web Forms encapsulates state with ViewState which is not part of MVC. The MVC pattern allows you to control every action (including managing the application state) on a much more granular level. This is probably where you got the idea that MVC is stateless.

As a side note, you should favor using the TempDataDictionary over HttpSessionState for storing state-related data, because the default implementation the TempDataProvider is a wrapper of the HttpSessionState). The pattern is a little different but a good article can be found at http://www.gregshackles.com/2010/07/asp-net-mvc-do-you-know-where-your-tempdata-is/

ASP.NET (and MVC) authentication usually works by leveraging Forms Authentication. It can be configured in your web.config. ASP.NET Authentication Configuration.

If your client's browser supports cookies, the default behavior is for your authentication ticket to be stored in a cookie.

smartcaveman
  • 41,281
  • 29
  • 127
  • 212
2

Who told you ASP.net MVC was stateless? In any case, authentication info is usually stored in an encrypted cookie. It's exactly the same as webforms in this regard.

UPDATE

Regarding ASP.NET MVC, see here for plenty to get you started: http://www.asp.net/mvc

For ASP.NET forms authentication, see MSDN

UpTheCreek
  • 31,444
  • 34
  • 152
  • 221
  • I think i saw some videos where they mentioned it is stateless. may be my understanding of this was incorrect please could you help me to get on board and read articles about this. i want to clearaway the myth. – bhushanvinay Mar 10 '11 at 12:01
  • ASP .Net MVC is sometimes referred to as stateless in regards to the control state (`input`, `select` etc) I would guess that's where the confusion may have come from. – ilivewithian Mar 10 '11 at 12:03
  • @ilivewithian: there's nothing stopping you from maintaining the state of inputs or selects in MVC. – UpTheCreek Mar 10 '11 at 12:42
  • @bhushanvinay: See link in update for tutorials etc. Re stateless, as a previous commenter mentioned, probably they said it had no concept of ViewState. – UpTheCreek Mar 10 '11 at 12:43
  • Just send back the same model --> "viewstate" – jgauffin Mar 10 '11 at 12:49
0

Technically, you could go stateless if you sent HTTP header authorization with every request.

CheeZe5
  • 975
  • 1
  • 8
  • 24