Home/ Questions/Q 6102793
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T13:39:20+00:00

I develop some site, that uses authentication ticket from API of other service. I

  • 0

I develop some site, that uses authentication ticket from API of other service.
I have method GetSessionTicket() from API. And now question:
can i do asp.net authentication thats depends only from cookie?
Now i remove all section about Membership provider at web.config:

<add name="ApplicationServices"
     connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
     providerName="System.Data.SqlClient" />
<membership>
  <providers>
    <clear/>
    <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
         enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
         maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
         applicationName="/" />
  </providers>
</membership>
<profile>
  <providers>
    <clear/>
    <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
  </providers>
</profile>-->
<roleManager enabled="false">
  <providers>
    <clear/>
    <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
    <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
  </providers>
</roleManager>

and left this:

<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>

LogOn logic looks like:

var ticket = SecurityService.GetSessionTicket(model.UserName, model.Password);
FormsAuthentication.SetAuthCookie(ticket.SessionUserId.ToString(), true);

Is it ok? Now my ASP.NET authorization based only on cookie and does not require sql server or aspnetdb.mdf, yes?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Yes it is fine to do this, what you are essentially doing is implementing Forms authentication, without the membership database. You are not required to use a membership datbase to achieve authentication, and setting the cookies in code is fine.

    • 0