1

When i disable cookie at browser level will 'Form authentication' still work ?.If not,What is the alternative that enables the 'From Authentication' ?

Improve this question

3 Answers 3

Reset to default
3

yes, forms authentication can work when cookies are disabled. you need to update web.config to handle this situation. if cookies are disabled then the security token is passed through the query string.

take a look at the following tutorial for all the dirt of forms authentication: http://www.asp.net/learn/security/?lang=cs

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

Forms Authentication can still work as long as you have not set the "cookieless" parameter of the forms element in your web.config file to "UseCookies".

All of the other options, including the default of "UseDeviceProfile", means that FormsAuthentication will work with or without cookies enabled on the browser.

<configuration>
   <system.web>
   <authentication mode="Forms">
      <forms 
      name="MyApp" 
      loginUrl="/login.aspx"
      cookieless="UseDeviceProfile">   // <-- don't set this to "UseCookies" 
      </forms>
   </authentication>
   </system.web>
</configuration>
Improve this answer

Comments

1

Forms Authentication works with "UseCookies" as shown below:

<configuration>
    <system.web>
        <authentication mode="Forms">
            <forms name="MyApp" loginUrl="/login.aspx" cookieless="UseCookies">
            </forms>
        </authentication>
    </system.web>
</configuration>

You can enforce cookie enabling on the client's browser by detecting if cookies are enabled or not and reporting the necessary error before any execution is carried out.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.