System.Web.Security Namespace
.NET Framework version 2.0
Describes how information in a cookie is protected.
| Member | Description |
| --- | --- |
| All | Use both Validation and Encryption to protect the information in the cookie. |
| Encryption | Encrypt the information in the cookie. |
| None | Do not protect information in the cookie. Information in the cookie is stored in clear text and not validated when sent back to the server. |
| Validation | Ensure that the information in the cookie has not been altered before being sent back to the server. |
You can specify the protection of the cookie where roles are cached for your application by setting the cookieProtection attribute in the Web.config file for your ASP.NET application. The cookieProtection attribute takes a CookieProtection enumeration value that indicates whether the role names are encrypted, validated, both, or neither.
The following example shows the roleManager element in the system.web section of the Web.config file for an ASP.NET application. It specifies that the application uses a SqlRoleProvider instance and sets the cookieProtection attribute to Encryption.
<roleManager defaultProvider="SqlProvider"
             enabled="true"
             cacheRolesInCookie="true"
             cookieName=".ASPROLES"
             cookieTimeout="30"
             cookiePath="/MyApplication"
             cookieRequireSSL="false"
             cookieSlidingExpiration="true"
             cookieProtection="Encryption">
  <providers>
    <add name="SqlProvider"
         type="System.Web.Security.SqlRoleProvider"
         connectionStringName="SqlServices"
         applicationName="MyApplication" />
  </providers>
</roleManager>
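A configuration check for the roleManager settings described above, as an added example that is not part of the original documentation: it parses a Web.config and reports role-cache cookies that are not protected with All, that carry a value outside the enumeration, or that do not require SSL. The function name audit_role_cookie and the sample configuration are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# CookieProtection members, spelled as in the table above.
WEAKNESS = {
    "All": None,
    "Encryption": "role names are encrypted but tampering is not detected",
    "Validation": "role names are tamper-checked but readable by the client",
    "None": "role names are sent in clear text and not validated",
}

# Constructed sample Web.config (not from a real application).
SAMPLE_CONFIG = """<configuration>
  <system.web>
    <roleManager enabled="true"
                 cacheRolesInCookie="true"
                 cookieRequireSSL="false"
                 cookieProtection="Validation" />
  </system.web>
</configuration>"""


def audit_role_cookie(config_xml):
    """Return (attribute, message) findings for every roleManager element."""
    findings = []
    for rm in ET.fromstring(config_xml).iter("roleManager"):
        # Role names only reach the client when they are cached in the cookie.
        if rm.get("cacheRolesInCookie", "false") != "true":
            continue
        # An omitted cookieProtection attribute falls back to the default, All.
        protection = rm.get("cookieProtection", "All")
        if protection not in WEAKNESS:
            findings.append(("cookieProtection",
                             f"'{protection}' is not a CookieProtection member"))
        elif WEAKNESS[protection]:
            findings.append(("cookieProtection", WEAKNESS[protection]))
        # An omitted cookieRequireSSL attribute falls back to the default, false.
        if rm.get("cookieRequireSSL", "false") != "true":
            findings.append(("cookieRequireSSL",
                             "role cookie may be sent over a non-SSL connection"))
    return findings


if __name__ == "__main__":
    for attribute, message in audit_role_cookie(SAMPLE_CONFIG):
        print(f"{attribute}: {message}")
```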