Re: Forms based security

From: Charlie Dison (charliedisonONLINE_at_vitalworks.com)
Date: 06/26/04

  • Next message: Robert D. Pinkerton: "Re: Security for Visual Studio.Net"
    Date: Sat, 26 Jun 2004 20:54:44 GMT
    
    

    Ok. that helps. Thanks
    "[MSFT]" <lukezhan@online.microsoft.com> wrote in message
    news:X82wmA0VEHA.692@cpmsftngxa10.phx.gbl...
    > Hi Charlie,
    >
    > To get the form authentication cookie, you may get the cookie name from:
    >
    > FormsAuthentication.FormsCookieName
    >
    > However, the cookie is encrypted, and we cannot get its actual value.
    >
    > Regarding the issue, since the content are accessible to both of
    > Authenticated user and others, you can just leave the content public. Is
    > this right?
    >
    > If you have private and public content on a same web form, you may
    consider
    > following work around:
    >
    > When perform form authentication, you can add a cookie by yourself,
    > indcating the user has been authenticated. And then, arrange pages based
    > on this cookie value.
    >
    > Hope this help,
    >
    > Luke
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
    >


  • Next message: Robert D. Pinkerton: "Re: Security for Visual Studio.Net"

    Relevant Pages

    • RE: Forms Authentication Across Applications
      ... if the cookie is not issued in the parent application (the one with the ... Cookie and ticket are two differnet things but related. ... "Fariba" wrote: ... I have created an asp.net application that supports form authentication. ...
      (microsoft.public.dotnet.framework.aspnet)
    • RE: Forms based security
      ... To get the form authentication cookie, you may get the cookie name from: ... Authenticated user and others, you can just leave the content public. ... (This posting is provided "AS IS", with no warranties, and confers no ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • ASP.Net and Forms Authentication
      ... If I use Form Authentication, encrypting ticket and stroring it in a cookie, ...
      (microsoft.public.dotnet.security)
    • Re: SSL
      ... Let's assume I'm using SSL. ... > authenticated user sitting at their client browser to modify their clear ... cookie would be alarming as they are undoubtedly aware of their own social ... browsers as Mozilla and having such cookie alert setting turned on. ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: ASP.NET choke when trying to delete cookies
      ... directory smart which sits on top of the windows AD and authenticated user ... > I suspect it's unrelated to setting the expiration on the cookie. ...
      (microsoft.public.dotnet.framework.aspnet)