Friday, 21 December 2018

Cookies


A cookie is a small text file placed on your hard disk drive by a Web server. Its primary purpose is to allow the server to identify a returning client. You can use cookies with or without an authentication mechanism. Consider the following usage scenarios:
· Use in conjunction with Forms authentication. The server issues the client a cookie upon authentication, and subsequent requests are verified based on the cookie presented to the server.
· Use for personalization only, where customized content is provided to the user.
ASP.NET provides a mechanism to create cookies and automatically checks for their existence on client requests. The cookies created by ASP.NET can optionally be encrypted using a triple DES scheme supported by the .NET Framework. You can also write your own cookie provider and use it with Forms authentication.
For more information about cookies, see Information About Cookies.
Other considerations
There are possible size limitations on cookies depending on the browser type. The RFC 2019 specifies a 4 KB limit. Internet Explorer 5 does not impose a size limit. Browsers must have their security settings configured to accept cookies for them to work correctly.
Overview
Forms authentication uses an authentication ticket that is created when a user logs on to a site, and then it tracks the user throughout the site. The forms authentication ticket is usually contained inside a cookie. However, ASP.NET version 2.0 supports cookieless forms authentication, which results in the ticket being passed in a query string.
If the user requests a page that requires authenticated access and that user has not previously logged on to the site, then the user is redirected to a configured logon page. The logon page prompts the user to supply credentials, typically a user name and password. These credentials are then passed to the server and validated against a user store, such as a SQL Server database. In ASP.NET 2.0, user-store access can be handled by a membership provider. After the user's credentials are authenticated, the user is redirected to the originally requested page.
Forms authentication processing is handled by the FormsAuthenticationModule class, which is an HTTP module that participates in the regular ASP.NET page-processing cycle. This document explains how forms authentication works in ASP.NET 2.0.
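The logon step described above, as an added example (not code from the original page or from Microsoft): credentials are checked through the membership provider, a ticket is issued in an encrypted cookie, and the user is sent back to the originally requested page. The class name FormsLogin, the method TrySignIn and the 30-minute ticket lifetime are assumptions made for the example, which also assumes cookie-based (not cookieless) forms authentication.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper called from the logon page's submit handler.
public static class FormsLogin
{
    // Returns false if the credentials are rejected; otherwise issues the
    // authentication cookie and redirects to the originally requested page.
    public static bool TrySignIn(HttpContext context, string userName, string password)
    {
        // Validate against the user store via the configured membership provider.
        if (!Membership.ValidateUser(userName, password))
        {
            return false; // caller shows a generic "logon failed" message
        }

        // Create the forms authentication ticket: non-persistent, with a
        // 30-minute lifetime (value chosen for this example).
        DateTime issued = DateTime.Now;
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,                          // ticket version
            userName,
            issued,
            issued.AddMinutes(30),
            false,                      // do not persist across browser sessions
            String.Empty,               // no application-specific user data
            FormsAuthentication.FormsCookiePath);

        // Encrypt protects the ticket as configured by the <forms protection>
        // attribute; the result becomes the value of the authentication cookie.
        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket));
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.HttpOnly = true;                          // hide from client script
        cookie.Secure = FormsAuthentication.RequireSSL;  // HTTPS-only when configured
        context.Response.Cookies.Add(cookie);

        // Send the user back to the page named in the ReturnUrl query string
        // (or the default page); 'false' lets this method return normally.
        string target = FormsAuthentication.GetRedirectUrl(userName, false);
        context.Response.Redirect(target, false);
        return true;
    }
}
```

On later requests FormsAuthenticationModule reads this cookie, decrypts the ticket and rejects it if it has expired or fails validation.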
