ASP.NET Syntax ASP.NET Configuration Sections
.NET Framework version 2.0
Configures anonymous identification for application authorization. This is required to identify entities that are not authenticated when authorization is required.
<anonymousIdentification
cookieless = "[ UseUri | UseCookies | AutoDetect | UseDeviceProfile ]"
cookieName = ""
cookiePath = ""
cookieProtection = "[ None | Validation | Encryption | All ]"
cookieRequireSSL = "[ true | false ]"
cookieSlidingExpiration = "[ true | false ]"
cookieTimeout = "[ DD.HH:MM:SS ]"
domain = "cookie domain"
enabled = "[ true | false ]"
/>
The following sections describe attributes, child elements, and parent elements.
| Attribute |
Description |
| cookieless |
Specifies whether to use cookies for a Web application. The HttpCookieMode enumeration is used to specify the value for this attribute in the configuration section. It is used by all features that support cookieless authentication. When the AutoDetect value is specified, ASP.NET queries the browser or device to determine whether it supports cookies. If the browser or device supports cookies, cookies are used to persist user data; otherwise, an identifier is used in the query string.
This attribute can be one of the following possible values.
| Value |
Description |
| AutoDetect |
Specifies that ASP.NET determines whether the requesting browser or device supports cookies. If the requesting browser or device supports cookies, AutoDetect uses cookies to persist user data; otherwise, an identifier is used in the query string. If the browser or device supports the cookies, but cookies are currently disabled, cookies are still used by the requesting feature. |
| UseCookies |
Specifies that cookies are used to persist user data, regardless of whether the browser or device supports cookies. This is the default. |
| UseDeviceProfile |
Specifies that ASP.NET determines whether to use cookies based on the HttpBrowserCapabilities setting. If the setting indicates that the browser or device supports cookies, cookies are used; otherwise, an identifier is used in the query string. |
| UseUri |
Specifies that the calling feature uses the query string to store an identifier, regardless of whether the browser or device supports cookies. |
The default is "UseCookies". |
| cookieName |
Specifies the name that is assigned to the cookie.
The default value is ".ASPXANONYMOUS". |
| cookiePath |
Specifies the path to the directory where the cookie is stored. The path is case sensitive.
The default is the root directory that is specified by "/". |
| cookieProtection |
Specifies the cookie protection scheme.
This attribute can be one of the following possible values.
| Value |
Description |
| All |
Specifies that both the Validation and Encryption values are used to protect the information in the cookie. |
| Encryption |
Encrypts the information in the cookie. |
| None |
Specifies that the cookie information is not protected. Information in the cookie is stored in clear text and is not validated when the information is sent back to the server. |
| Validation |
Ensures that the information in the cookie has not been altered before the information is sent back to the server. |
The default is "Validation". |
| cookieReuireSSL |
Specifies whether the cookie requires an SSL connection when it is transmitted to the client. Because ASP.NET sets the authentication cookie property, Secure, the client does not return the cookie unless an SSL connection is in use.
The default is false. |
| cookieSlidingExpiration |
Required Boolean attribute.
Specifies whether the cookie timeout is reset at each request or at a predefined fixed time interval. If true, the cookie timeout is when less than 50 percent of the TTL remains. If false, the cookie times out after the cookieTimeout duration has passed.
The default is true. |
| cookieTimeout |
Required TimeSpan attribute.
Specifies the cookie expiration time interval, in minutes.
The default is 10000 minutes ( 69 days, 10 hours, and 40 minutes ). |
| domain |
Specifies the cookie domain. This attribute allows sharing of the anonymous identification cookie across domains that have a common DNS namespace ( for example, all sites that end in contoso.com ). To share anonymous identification cookies, the sites must share common decryption and validation keys. Other anonymous identification configuration attributes, such as cookie path and cookie name, must be the same for all the sites. For more information, see HttpCookie.
The default is an empty string ( "" ). |
| enabled |
Optional Boolean attribute.
Specifies whether anonymous identification is enabled. If true, a cookie ( or cookieless value ) is used to manage the user’s anonymous identifier.
The default is false. |
None.
| Element |
Description |
| configuration |
Specifies the required root element in every configuration file that is used by the common language runtime and the .NET Framework applications. |
| system.web |
Specifies the root element for the ASP.NET configuration settings in a configuration file and contains configuration elements that configure ASP.NET Web applications and control how the applications behave. |
The anonymousIdentification element configures anonymous identification for application authorization. This is required to identify entities that are not authenticated when using the Profile feature.
You can exceed the maximum size of the URI when you send the anonymous identification ticket in the URI. If the combination of the anonymous identification ticket, forms authentication ticket, session ID, and user data is greater than the maximum permissible URI length, the request will fail with a 400-Bad Request error.
The following default anonymousIdentification element is not explicitly configured in the Machine.config file or in the root Web.config file. However, it is the default configuration that is returned by application.
<anonymousIdentification
cookieless = "UseCookies"
cookieName = ".ASPXANONYMOUS"
cookiePath = "/"
cookieProtection = "Validation"
cookieRequireSSL = "false"
cookieSlidingExpiration = "true"
cookieTimeout = "100000"
domain = ""
enabled = "false"
/>
The following code example demonstrates how to configure a site for anonymous identification.
<configuration>
<system.web>
<anonymousIdentification
cookieless = "UseCookies"
cookieName = ".ASPXANONYMOUS
cookiePath = "/"
cookieProtection = "Clear"
cookieRequireSSL = "false"
cookieSlidingExpiration = "true"
cookieTimeout = "30"
enabled = "true" />
</system.web>
</configuration>
ASP.NET Configuration AnonymousIdentificationSection Class AnonymousIdentificationModule Class