Uses for MachineKey in ASP.NET
What different ways are Machine Keys useful in asp.net?
I think the following are correct but thought there may be more.
cookies
Is encrypting session id (or other authenticate value) in cookie useful at all?
In web development, when session state is enabled, a session id is stored in cookie(in cookieless mode, query string will be used instead). In asp.net, the session id is encrypted automatically. There are plenty of topics on the internet regarding how you should encrypt your cookie, including session id. I can understand why you want to encrypt private info such as DOB, but any private info should not be stored in cookie at first place. So for other cookie values such as session id, what is the purpose encryption? Does it add security at all? no matter how you secure it, it will be sent back to server for decryption.
Proper creation of a cross-domain forms authentication cookie
I’m just creating a simple test between two server. Basically if a user has already authenticated I want to be able to pass them between applications. I changed the keys to hide them
Azure AD Open ID Connect OAuth 2.0 in ASP.NET Web APP and Web API Infinite redirect loop
ASP.NET web app to sign in personal accounts and work and school accounts from any Azure Active Directory (Azure AD) instance.
cookie values disappear when traversing between content pages
in my app. there’s a log in mechanism which save a cookie with the info of the user who just logged in
Best way to determine if cookies are enabled in ASP.NET?
What is the best method for determining if a users browser has cookies enabled in ASP.NET
How to set asp.net Identity cookies expires time
I use Asp.Net Identity to control my app’s authorization. Now, I need to do this: if the user does not operate in 30 minutes, jump to the login page, when he login does not select “isPersistent” checkbox.
And, if he selected “isPersistent” checkbox, set the expiration date of cookie for 14 days.
I try to do this by change the Startup.Auth.cs like this:
ASP.Net FormsAuthentication Redirect Loses the cookie between Redirect and Application_AuthenticateRequest
I have a FormsAuthentication cookie that is persistent and works independently in a development, test, and production environment. I have a user that can authenticate, the user object is created, the authentication cookie is added to the response:
Stopping cookies being set from a domain (aka “cookieless domain”) to increase site performance
I was reading in Google’s documentation about improving site speed. One of their recommendations is serving static content (images, css, js, etc.) from a “cookieless domain”:
asp.net “Remember Me” cookie
I have implemented remember me option in my asp.net webform by using this,