Home/ Questions/Q 8424853
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T04:07:08+00:00

I tried implementation ASP.NET role-based authorization for my project, but I never found cookie

  • 0

I tried implementation ASP.NET role-based authorization for my project, but I never found cookie is saved in client browser. I tried some testing code like,

RolePrincipal rolePrincipal = new RolePrincipal(new GenericIdentity("a"));
string text1 = rolePrincipal.ToEncryptedTicket();

There’s no roles in this such simple RolePrincipal object and Roles.CookieProtectionValue is set to ‘none’. However the length of text1 is 4,688 which is larger than 4,096, so it fails to push the cookie into client browser.

It does not make sense otherwise it’s not possible to use cookie to cache the roles.

What’s wrong with it?

Thanks

Here’s related sections in web.config

<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn" timeout="2880" name=".TestAUTH"/>
</authentication>
<membership>
  <providers>
    <clear/>
    <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
         enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
         maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
         applicationName="/" />
  </providers>
</membership>

<profile>
  <providers>
    <clear/>
    <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
  </providers>
</profile>

<roleManager enabled="true" cookieName=".TestROLE" cookieProtection="None" cacheRolesInCookie="true" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="false" >
  <providers>
    <clear/>
    <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
    <!--<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />-->
  </providers>
</roleManager>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Unfortunately this is by design due to changes in the underlying types in .NET 4.5. You can turn off storing of user roles in cookies to prevent this issue (http://msdn.microsoft.com/en-us/library/system.web.security.roles.cacherolesincookie.aspx).

    https://connect.microsoft.com/VisualStudio/feedback/details/759157/net-4-5-binaryformatter-serialization-generates-too-long-string

    • 0