
Cookie and Authentication - ASP.NET

Does Forms Authentication still work when I disable cookies at the browser level? If not, what is the alternative for enabling Forms Authentication?

Yes, forms authentication can work when cookies are disabled. You need to update web.config to handle this situation. If cookies are disabled, then the security token is passed through the query string.

Take a look at the following tutorial for all the dirt on forms authentication: http://www.asp.net/learn/security/?lang=cs

Forms Authentication can still work as long as you have not set the "cookieless" parameter of the forms element in your web.config file to "UseCookies".

All of the other options, including the default of "UseDeviceProfile", mean that FormsAuthentication will work with or without cookies enabled on the browser.

<configuration>
   <system.web>
   <authentication mode="Forms">
      <forms 
      name="MyApp" 
      loginUrl="/login.aspx"
      cookieless="UseDeviceProfile">
      <!-- don't set cookieless to "UseCookies" -->
      </forms>
   </authentication>
   </system.web>
</configuration>

Forms Authentication works with "UseCookies" as shown below:

<configuration>
    <system.web>
        <authentication mode="Forms">
            <forms name="MyApp" loginUrl="/login.aspx" cookieless="UseCookies">
            </forms>
        </authentication>
    </system.web>
</configuration>

You can enforce cookie enabling on the client's browser by detecting if cookies are enabled or not and reporting the necessary error before any execution is carried out.
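An added example, not from any of the answers above: a Python check that reads a web.config and reports whether the `cookieless` setting lets the forms authentication ticket travel in the URL, which matters because URLs end up in server logs, browser history and Referer headers. The function name and the sample configs are constructed for illustration; the default of "UseDeviceProfile" when the attribute is absent is taken from the answer above.

```python
import xml.etree.ElementTree as ET

# cookieless values under which ASP.NET may carry the ticket in the URL.
URL_CAPABLE = {"UseUri", "AutoDetect", "UseDeviceProfile"}
DEFAULT = "UseDeviceProfile"  # used when the attribute is absent

def audit_forms_cookieless(config_xml):
    """Return (status, detail) for the forms-auth cookieless setting."""
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError as exc:
        return ("error", f"not well-formed XML: {exc}")
    auth = root.find("./system.web/authentication")
    if auth is None or auth.get("mode") != "Forms":
        return ("n/a", "forms authentication is not enabled")
    forms = auth.find("forms")
    value = DEFAULT if forms is None else forms.get("cookieless", DEFAULT)
    if value == "UseCookies":
        return ("cookie-only", "ticket is only sent in a cookie")
    if value in URL_CAPABLE:
        return ("url-capable", f"cookieless={value}: ticket may appear in the URL")
    return ("error", f"unrecognised cookieless value: {value}")

def _config(forms_attrs, mode="Forms"):
    # Constructed sample web.config, modelled on the snippets in the answers.
    return (f'<configuration><system.web><authentication mode="{mode}">'
            f'<forms name="MyApp" loginUrl="/login.aspx" {forms_attrs}/>'
            '</authentication></system.web></configuration>')

SAMPLES = {
    "device-profile": _config('cookieless="UseDeviceProfile"'),
    "cookies-only": _config('cookieless="UseCookies"'),
    "attribute-absent": _config(""),
    "windows-auth": _config("", mode="Windows"),
    # A "//" remark containing "<--" inside the element is not valid XML.
    "bad-comment": _config("").replace("/>", "> // <-- note </forms>"),
}

if __name__ == "__main__":
    for name, xml_text in SAMPLES.items():
        print(name, audit_forms_cookieless(xml_text))
```

The check only looks at the top-level `system.web` section; settings inherited from a parent web.config or machine.config are outside what it reads.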

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.
