>>Like William I use Form Authentication too. But I use cookies in my ASP.NET app; not for authentication but for other purpose.
>
>Thanks, could you elaborate on Form Authentication. I just would like to verify if this is the same as what I already tried a few years ago.
>
In my web.config I have the following:
<authentication mode="Forms">
<forms name="MyAppName" path="/" loginUrl="MyAppLogon.aspx"/>
</authentication>
Therefore, user has to enter his/her ID and password which are validates in the MyAppLogon form.
>As for the usage of cookies elsewhere, do you have problem with browsers blocking cookies, where you have to either drop the cookie security at the browser level or add your Web site in the list of Trusted sites? Because, this is the major issue right now with the usage of cookies. There are so many browser installation, or those that would increase their security after a while, making it that the cookie is intercepted by the browser and rejected.
I have not had problems with browser blocking cookies because the app is installed on intranet and the users know that they have to allow cookies. But what I should have said, correcting myself, is when the application is using Form Authentication the cookie is not used. But when the application runs without form authentication (anonymously), the cookie is used to get the user name/email/etc. from the database.
"The creative process is nothing but a series of crises." Isaac Bashevis Singer
"My experience is that as soon as people are old enough to know better, they don't know anything at all." Oscar Wilde
"If a nation values anything more than freedom, it will lose its freedom; and the irony of it is that if it is comfort or money that it values more, it will lose that too." W.Somerset Maugham
