tags:

views:

32

answers:

1
+1  Q: 

How practical to change MVC app from traditional authentication to cookieless?

I have an application written in MVC that uses your regular .Net Forms Authentication. There's nothing particularly new or exciting going on with it.

My client has now asked that users be able to log in to the app on the same machine but in different browsers, or different tabs within the same browser. To my mind, he's asking for a scope change to have authentication moved to cookieless instead of its current design.

Not having had any experience with doing this in MVC, I'm curious to know before I get started how much hurt I'm in for by trying this. Are there better ways to do it? What should I consider?

Any advice appreciated.

+2  A: 

in different browsers

This should be easy because different browsers do not share cookies.

or different tabs within the same browser

That's a little bit more difficult, because the same cookies are used browser-wide, so there is no difference between the tabs.

You can try adding some authentication token to all links like:

http://site.com/home?token=afdaewdf4393cffjedcifa
http://site.com/account?token=afdaewdf4393cffjedcifa

and so on.

It's relatively easy to have the same parameter in all MVC-generated links, because the same parameter is automatically copied into other links as the user navigates between views (MVC by design).

Developer Art  2010-05-31 12:01:59
Is that just a simple matter of changing the authentication mode's forms key setting to "cookieless" instead of "forms"?
Phil.Wheeler  2010-06-01 00:23:10
@Phil.Wheeler: I don't believe it would be so easy but not excluded. Why don't you try it out and report here whether this worked?
Developer Art  2010-06-01 07:34:24
@Developer Art: Looks like just setting the Web.Config works fine for basic use, but things like Ajax and Forms Authentication become a little more complex. I'll have to do some more investigation.
Phil.Wheeler  2010-06-04 09:56:35
@Phil.Wheeler: Good to know, thank you.
Developer Art  2010-06-04 10:07:56

related questions

What is the best architecture to bridge to XMPP?
How to expose a collection property?
How do you build a ratings implementation?
Alternative "architectural" approaches to javaScript client code?
Split data access class into reader and writer or combine them?
Guide to choosing between REST vs SOAP services?
Best architecture for handling file system changes?
Globalization architecture
How Did You Decide Between WISA and LAMP?
Best Blogs for Software Architecture
Experience documentation about Shared Nothing Architecture
Agile architectures
VS.NET Application Diagrams
Documenting program architecture
Books for software architect
How do you do system integration?
Design debate: what are good ways to store and manipulate versioned objects?
Passing more parameters in C function pointers
Send messages to program through command line
Interfaces on different logic layers
How to structure a java application, in other words: where do I put my classes?
Are there any negative reasons to use an N-Tier solution?
Linux - files and scripts that execute on boot
Good STL-like library for C.
Best way to allow plugins for a PHP application