I have a sharepoint site which works on form based authentication and now I want that sharepoint site to have cookieless authentication. Basicaly in .Net we have option in web.开发者_JAVA百科config to modify the session state and to make cookieless false but how do we implement the same for sharepoint sites. Please help me in finding best solution
I'm not sure about SharePoint 2010, but SharePoint 2007 does not support cookieless authentication:
“Cookieless” Forms Based Authentication (FBA) in SharePoint 2007
So… MOSS and WSS 3.0 are both now solidly based on the ASP.NET 2.0 platform, so this should all work in a SharePoint site, right? Well, sort of. So basically, no – not at all. Once you update your web.config to use "cookieless mode" everything appears to be working at first. You authenticate, and the ticket magically appears in your URL. The problems start to appear once you begin to navigate around your site. Some URLs have the ticket in them, and some don't. It basically comes down to this – if a URL is written using a standard ASP.NET control, or if you write a relative URL yourself, the ticket is preserved and cookieless FBA works. However, if a SharePoint control writes the URL, it's absolute, the ticket is not written, and FBA breaks.
We ran this past our PSS contacts, and apparently this is a known "issue", and it's not slated to be addressed in the 3.0 product. Basically, the feature is not supported. It no doubt has something to do with SharePoint writing URLs to support Alternate Access Mappings. There's really no reason why it couldn't write them relatively, but it obviously doesn't.
You can reduce a number of cookies by using Claims Based Authentication.
You need to setup Security Token Service as described in this blog post http://blog.sharepointsite.co.uk/2010/11/change-to-session-cookies-for-claims.html
However, note that you'll lose Client Integration, as Office use cookies from IE.
精彩评论