When i disable cookie at browser level wi开发者_如何学编程ll 'Form authentication' still work ?.If not,What is the alternative that enables the 'From Authentication' ?
yes, forms authentication can work when cookies are disabled. you need to update web.config to handle this situation. if cookies are disabled then the security token is passed through the query string.
take a look at the following tutorial for all the dirt of forms authentication: http://www.asp.net/learn/security/?lang=cs
Forms Authentication can still work as long as you have not set the "cookieless" parameter of the forms element in your web.config file to "UseCookies".
All of the other options, including the default of "UseDeviceProfile", means that FormsAuthentication will work with or without cookies enabled on the browser.
<configuration>
<system.web>
<authentication mode="Forms">
<forms
name="MyApp"
loginUrl="/login.aspx"
cookieless="UseDeviceProfile"> // <-- don't set this to "UseCookies"
</forms>
</authentication>
</system.web>
</configuration>
Forms Authentication works with "UseCookies" as shown below:
<configuration>
<system.web>
<authentication mode="Forms">
<forms name="MyApp" loginUrl="/login.aspx" cookieless="UseCookies">
</forms>
</authentication>
</system.web>
</configuration>
You can enforce cookie enabling on the client's browser by detecting if cookies are enabled or not and reporting the necessary error before any execution is carried out.
精彩评论