In my <authentication> settings in my web.config, I have set cookieless="AutoDetect". This has been working fine for my needs so far.
However, I now have a situation where there are some pages in my site where I would like to force cookieless="UseURI" mode. Is there a way to override this setting for specific pages in my site? (I would prefer not to change the setting for my whole entire
site to use cookieless="UseURI", but rather apply it just to the few specific pages where I need it.)
(In case you're curious why I want to do this: I have a Flash control on one page that POSTs to another page, but that Flash control won't pass cookies in its request - hence why I want to use cookieless="UseURI" for those pages. But given the danger of
a user copy-pasting a URL in general, I only want to use cookieless="UseURI" on as few pages as possible.)
This might seem like a long shot, however the only way that I can think of is creating another directory in your application and calling it something like cookieless (for examaple) and storing any pages that you require to have cookieless authentication
in that directory.
Then add another web.config file to that directory and set the cookieless attribute to true for those pages leaving the rest of the pages exactly how they were
I ended up writing an HttpModule that would read the authentication ticket from the URL and perform authentication, yet still allows "normal" cookie-based authentication.
It wasn't as ideal as finding a web.config setting, but it did the trick.
Gregg
Marked as answer by Gregg_ on Oct 16, 2012 05:25 PM
Gregg_
Member
4 Points
4 Posts
Forms Authentication: different cookieless/cookie modes for different pages?
Aug 18, 2011 11:57 PM|LINK
I am using Forms Authentication.
In my <authentication> settings in my web.config, I have set cookieless="AutoDetect". This has been working fine for my needs so far.
However, I now have a situation where there are some pages in my site where I would like to force cookieless="UseURI" mode. Is there a way to override this setting for specific pages in my site? (I would prefer not to change the setting for my whole entire site to use cookieless="UseURI", but rather apply it just to the few specific pages where I need it.)
(In case you're curious why I want to do this: I have a Flash control on one page that POSTs to another page, but that Flash control won't pass cookies in its request - hence why I want to use cookieless="UseURI" for those pages. But given the danger of a user copy-pasting a URL in general, I only want to use cookieless="UseURI" on as few pages as possible.)
Thanks!
anytimesampa...
Member
6 Points
4 Posts
Re: Forms Authentication: different cookieless/cookie modes for different pages?
May 15, 2012 09:32 AM|LINK
Hi Gregg,
Have you been able to sort out this because, I was also trying to do the same.
Thanks,
Sampath
PashBash
Member
371 Points
81 Posts
Re: Forms Authentication: different cookieless/cookie modes for different pages?
May 16, 2012 08:33 PM|LINK
This might seem like a long shot, however the only way that I can think of is creating another directory in your application and calling it something like cookieless (for examaple) and storing any pages that you require to have cookieless authentication in that directory.
Then add another web.config file to that directory and set the cookieless attribute to true for those pages leaving the rest of the pages exactly how they were
anytimesampa...
Member
6 Points
4 Posts
Re: Forms Authentication: different cookieless/cookie modes for different pages?
May 18, 2012 04:55 AM|LINK
Yes, May be that works to be one option.
Thanks,
Sampath
Gregg_
Member
4 Points
4 Posts
Re: Forms Authentication: different cookieless/cookie modes for different pages?
May 29, 2012 04:58 AM|LINK
Hi, Sampath.
I ended up writing an HttpModule that would read the authentication ticket from the URL and perform authentication, yet still allows "normal" cookie-based authentication.
It wasn't as ideal as finding a web.config setting, but it did the trick.
Gregg
anytimesampa...
Member
6 Points
4 Posts
Re: Forms Authentication: different cookieless/cookie modes for different pages?
May 29, 2012 05:04 AM|LINK
Hi Gregg,
That was really a good idea. Can you please help us with a sample code.
Thanks,
Sampath
CarlFromSwed...
Member
2 Points
1 Post
Re: Forms Authentication: different cookieless/cookie modes for different pages?
Jun 30, 2012 08:01 AM|LINK
Dear Gregg,
I am struggling with the same problem. I tried the web.config solution but that did not work in my application.
I am not so familiar with ASP.NET so I do not really know how to write a HttpModule. Can you please help me with some code?
Thank you in advance.
Carl
CPrakash82
All-Star
18290 Points
2844 Posts
Re: Forms Authentication: different cookieless/cookie modes for different pages?
Jul 01, 2012 11:32 PM|LINK
Look at these articles for HttpModule
http://support.microsoft.com/kb/307996
http://msdn.microsoft.com/en-us/library/aa719858(v=vs.71).aspx
For security based on HttpModule, refer this article.
http://www.codeproject.com/Articles/5353/Custom-Authentication-provider-by-implementing-IHt
Thanks,