3

I have the following problem: I'm using Identity in an ASP MVC application. My authentication type is "ApplicationCookie". The problem is that this application is going to be used by a bank and they forbid cookies. My question is (I'm new to ASP): where is this cookie stored (on the server only, on the client, etc.) and is Identity the right approach in this scenario?

Thank you.

1 Answer

2

First, the ApplicationCookie is stored in the client browser itself. If you have configured cookie authentication, then the server returns a cookie containing encrypted and signed claims to the browser. This cookie will be stored in your browser until it expires or the user signs out, which deletes the cookie. By default, 14 days is the expiry time for this cookie. This cookie is by default named `.AspNet.ApplicationCookie`.

This is a potential security risk and to provide a truly secure connection you would have to use HTTPS.
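An added example, not part of the original answer: how the cookie settings mentioned above can be tightened, assuming the application uses the OWIN cookie middleware (`Microsoft.Owin.Security.Cookies`) that ASP.NET Identity sets up in MVC 5. The namespace, the login path and the 15-minute lifetime are assumptions chosen for illustration.

```csharp
using System;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

[assembly: OwinStartup(typeof(ExampleApp.Startup))]

namespace ExampleApp // hypothetical namespace
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                // Produces the cookie named ".AspNet.ApplicationCookie".
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login"), // assumed route

                // Default is SameAsRequest, which lets the cookie travel over
                // plain HTTP if the site is ever reached that way. Always adds
                // the Secure attribute so the browser only sends it over HTTPS.
                CookieSecure = CookieSecureOption.Always,

                // Already the default; stated explicitly so client-side script
                // cannot read the authentication cookie.
                CookieHttpOnly = true,

                // Default is 14 days with sliding renewal. A short, fixed
                // lifetime limits how long a copied cookie stays usable.
                ExpireTimeSpan = TimeSpan.FromMinutes(15), // assumed value
                SlidingExpiration = false
            });
        }
    }
}
```

After deploying, the `Set-Cookie` response header for `.AspNet.ApplicationCookie` should carry both the `secure` and `HttpOnly` attributes.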
