Wednesday, August 09, 2006

(Milk) without Cookies

ASP.NET Forms authentication doesn't 'work' when a browser client refuses cookies. Specifying 'cookieless="AutoDetect"' in 'web.config' makes logging in and out possible.


<authentication mode="Forms">
    <forms loginUrl="login.aspx" defaultUrl="default.aspx" cookieless="AutoDetect" />
</authentication>


HOW TO
1. Disable cookies in IE
Go to: menu 'Tools' - 'Internet Options...' - (3rd) tab 'Privacy' - button 'Advanced...'.
ATTENTION: IE only lets you refuse cookies in the 'internet zone'!

2. Run the Visual Studio 2005 webserver in an 'internet zone' context.
By default the VS2005 webserver runs in the 'intranet zone'. To 'switch zones', use a full IP address instead of 'localhost'; so if your website runs at 'http://localhost:28894/myWebsite/', use 'http://127.0.0.1:28894/myWebsite'. Notice the 'internet' zone icon in the status bar.


After a successful forms authentication, you will see something like this 'http://127.0.0.1:28894/myWebsite/(X(1)F(aOWN3yyFpZf9q2zuNpSCQX-...dPaNXeutsblP48uGkMk8rbNiVCDXQQk1))/...aspx' in IE's navigation bar. The red-colored text is a 'URL-based cookie'.
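
With 'cookieless="AutoDetect"' the authentication ticket travels in the URL, so it appears wherever URLs are recorded. The Python sketch below is an added example, not code from the original post: it parses the '(X(1)F(...))' segment shown above and redacts the ticket before a URL or log line is stored or shared. The function names, the sample log lines and the choice to treat only the 'F' value as sensitive are assumptions.

```python
import re

# Cookieless segment as shown in the post: a path segment of the form
# (K(value)K(value)...), e.g. (X(1)F(<ticket>)), with single-letter keys.
_SEGMENT = re.compile(r"/\(((?:[A-Z]\([^()/]*\))+)\)(?=/|$)")
_PAIR = re.compile(r"([A-Z])\(([^()/]*)\)")

# Assumption: F holds the forms-authentication ticket (the 'URL-based cookie').
SENSITIVE_KEYS = {"F"}


def parse_cookieless(url):
    """Return {key: value} for the first cookieless segment, or {} if none."""
    m = _SEGMENT.search(url)
    return dict(_PAIR.findall(m.group(1))) if m else {}


def redact_cookieless(text, placeholder="REDACTED"):
    """Replace sensitive values inside every cookieless segment in text."""
    def _pair(p):
        key, value = p.group(1), p.group(2)
        return f"{key}({placeholder if key in SENSITIVE_KEYS else value})"

    def _segment(m):
        return "/(" + _PAIR.sub(_pair, m.group(1)) + ")"

    return _SEGMENT.sub(_segment, text)


def scan_lines(lines):
    """Return (line_number, redacted_line) for each line carrying a ticket."""
    hits = []
    for number, line in enumerate(lines, start=1):
        if any(k in SENSITIVE_KEYS for k in parse_cookieless(line)):
            hits.append((number, redact_cookieless(line)))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    "GET /myWebsite/login.aspx 200",
    "GET /myWebsite/(X(1)F(CONSTRUCTED-ticket-123))/default.aspx 200",
    "GET /myWebsite/(X(1))/login.aspx 302",
]

if __name__ == "__main__":
    for number, line in scan_lines(SAMPLE_LOG):
        print(number, line)
```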
