When i disable cookie at browser level will 'Form authentication' still work ?.If not,What is the alternative that enables the 'From Authentication' ?
+2
A:
yes, forms authentication can work when cookies are disabled. you need to update web.config to handle this situation. if cookies are disabled then the security token is passed through the query string.
take a look at the following tutorial for all the dirt of forms authentication: http://www.asp.net/learn/security/?lang=cs
yamspog
2010-03-30 18:12:08
+1
A:
Forms Authentication can still work as long as you have not set the "cookieless" parameter of the forms element in your web.config file to "UseCookies".
All of the other options, including the default of "UseDeviceProfile", means that FormsAuthentication will work with or without cookies enabled on the browser.
<configuration>
<system.web>
<authentication mode="Forms">
<forms
name="MyApp"
loginUrl="/login.aspx"
cookieless="UseDeviceProfile"> // <-- don't set this to "UseCookies"
</forms>
</authentication>
</system.web>
</configuration>
womp
2010-03-30 18:16:00