How to implement cookies less form authentication when we create our own cookie

Question

I am implementing the forms authentication like (I need to create the ticket based some some conditions not from active directory or from database)

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
        "userName",
        DateTime.Now,
        DateTime.Now.AddMinutes(30), // value of time out property
        false, // Value of IsPersistent property
        String.Empty,
        FormsAuthentication.FormsCookiePath);

string encryptedTicket = FormsAuthentication.Encrypt(ticket);
HttpCookie authCookie = new HttpCookie(
                            FormsAuthentication.FormsCookieName, 
                            encryptedTicket);

authCookie.Secure = true;
Response.Cookies.Add(authCookie);

 and my web.config 


<system.web>
  <authentication mode="Forms">
    <forms loginUrl="Login.aspx"
           protection="All"
           timeout="30"
           name="test" 
           path="/"
           requireSSL="false"
           slidingExpiration="true"
          cookieless="UseDeviceProfile"
           enableCrossAppRedirects="false" />
  </authentication>
</system.web>

This implementation is working fine if the browser cookies are enabled . while it is not working when cookies are disabled( I tried Cookieless="useuri" but it doesnt help)

Can you please guys tell me how should i implement cookiless forms authentication in this scenario

I want to use uri for auth cookie or any other better solution?.

store it in session it's a cookie but the cookie resides on the web server — CBRRacer, Sep 29 '11 at 04:43
I would like to user uri but it doesnt work since i think i am adding cookie to response object @Ranhiru — Grasshopper, Sep 29 '11 at 05:01
@CBRRacer: It is a cookie :) The data resides in the web server but for the web server to uniquely identify each user cookies must be enabled. Or else going cookieless means having the session id embedded in the URL. Look at the answer given by tugberk. — Ranhiru Jude Cooray, Sep 29 '11 at 09:14
@RanhiruCooray actually that was what I was talking about, but I failed to specify the URL aspect of it. — CBRRacer, Sep 29 '11 at 13:22

score 0 · Answer 1 · edited May 23 '17 at 12:27

0

For cookieless browsers asp.net provides session id to embed in URL;

See the below question :

What will happen to asp.net membership if the client browser is not accepting cookies

edited May 23 '17 at 12:27

Community

1
1

answered Sep 29 '11 at 04:47

tugberk

57,477
67
243
335

How to implement cookies less form authentication when we create our own cookie

1 Answers1