Wednesday, August 09, 2006

(Milk) without Cookies

ASP.NET Forms authentication doesn't 'work' when a (browser) client refuses cookies. Specifying 'cookieless="AutoDetect"' in 'web.config' makes log-in/out possible.

<authentication mode="Forms">
    <forms loginUrl="login.aspx" defaultUrl="default.aspx" cookieless="AutoDetect" />
</authentication>

1. Disable cookies in IE
Go to: menu 'Tools' - 'Internet Options...' - (3rd) tab 'Privacy' - button 'Advanced...'.
ATTENTION: IE only allows refusing cookies in the 'internet zone'!

2. Run the Visual Studio 2005 webserver in an 'internet zone' context.
By default the VS2005 webserver runs in the 'intranet zone'. To 'switch zones', use a full IP address instead of 'localhost'; so if your website runs at 'http://localhost:28894/myWebsite/' use ''. Notice the 'internet' zone icon in the status bar.

After a successful (forms) authentication, you will see something like this '' in IE's navigation bar. The red-colored text is a 'URL-based cookie'.
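
The 'URL-based cookie' is the forms-authentication ticket itself, so it travels wherever the URL goes: web server logs, Referer headers, bookmarks. The following is an added example, not part of the original post, that finds and redacts such tickets in log lines. It assumes ASP.NET 2.0's cookieless path-segment format `/(F(...))/`; the host name, ticket values and log lines are constructed.

```python
import re

# ASP.NET 2.0 cookieless segment: "/(" + one or more KEY(value) pairs + ")/".
# F = forms-authentication ticket, S = session id, A = anonymous id,
# X = marker added by the AutoDetect cookie probe (not a secret).
SEGMENT = re.compile(r"/\(((?:[A-Z]\([^()/]*\))+)\)(?=/)")
PAIR = re.compile(r"([A-Z])\(([^()/]*)\)")

def find_tickets(url):
    """Return {key: value} for the cookieless values embedded in url."""
    m = SEGMENT.search(url)
    return dict(PAIR.findall(m.group(1))) if m else {}

def redact(text):
    """Blank out F/S/A values so a stored URL can no longer be replayed."""
    def keep_or_mask(p):
        return p.group(0) if p.group(1) == "X" else p.group(1) + "(REDACTED)"
    return SEGMENT.sub(lambda m: "/(" + PAIR.sub(keep_or_mask, m.group(1)) + ")", text)

def scan_log(lines):
    """Return (line_no, redacted_line) for every line exposing a forms ticket,
    whether in the request path or in a Referer field."""
    hits = []
    for no, line in enumerate(lines, 1):
        if any("F" in find_tickets(tok) for tok in line.split()):
            hits.append((no, redact(line)))
    return hits

# Constructed sample: method, path, status, referer.
SAMPLE_LOG = [
    "GET /myWebsite/(F(AAAA1111))/default.aspx 200 -",
    "GET /myWebsite/login.aspx 200 -",
    "GET /img/logo.png 200 http://app.example.test/myWebsite/(F(BBBB2222))/default.aspx",
]

if __name__ == "__main__":
    for no, line in scan_log(SAMPLE_LOG):
        print(no, line)
```

Line 3 of the sample shows the ticket leaving the application through a Referer field on a request for another resource.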

