| aspxtreme |
Home Getting Started Web Forms Web Applications ADO.NET ASP/ADO Back to Basics |
  |
CookieProtection Enumeration
.NET Framework version 2.0
Describes how information in a cookie is protected.
Members
| Member | Description |
|---|---|
| All | Use both Validation and Encryption to protect the information in the cookie. |
| Encryption | Encrypt the information in the cookie. |
| None | Do not protect information in the cookie. Information in the cookie is stored in clear text and not validated when sent back to the server. |
| Validation | Ensure that the information in the cookie has not been altered before being sent back to the server. |
Remarks
You can specify the protection of the cookie where roles are cached for your application by setting the cookieProtection attribute in the Web.config file for your ASP.NET application. The cookieProtection attribute takes a CookieProtection enumeration value that indicates whether the role names are encrypted, validated, both, or neither.
Example
The following example shows the roleManager element in the system.web section of the Web.config file for an ASP.NET application. It specifies that the application uses a SqlRoleProvider instance and sets cookieProtection attribute to Encrypted.
<roleManager defaultProvider = "SqlProvider"
enabled = "true"
cacheRolesInCookie = "true"
cookieName = ".ASPROLES"
cookieTimeout = "30"
cookiePath = "/MyApplication"
cookieRequireSSL = "false"
cookieSlidingExpiration = "true"
cookieProtection = "Encrypted">
<providers>
<add
name = "SqlProvider"
type = "System.Web.Security.SqlRoleProvider"
connectionStringName = "SqlServices"
applicationName = "MyApplication" />
</providers>
</roleManager>
