Short answer: You can't.
简短的回答:不能。
I have an application that issues FormsAuthTickets like this...
我有一个发布FormsAuthTickets这样的应用程序...
// Create the authentication ticket
//创建身份验证票证
FormsAuthenticationTicket authTicket = new
FormsAuthenticationTicket authTicket =新
FormsAuthenticationTicket(1, //version
FormsAuthenticationTicket(1, //版本
userName, // user name
userName, //用户名
DateTime.Now, //creation
DateTime.Now, //创建
DateTime.Now.AddMinutes(Timeout), //Expiration
DateTime.Now.AddMinutes(Timeout), //到期
false, //Persistent
false , //持久
MYPRIVATEANDVERYIMPORTANTDATA);
MYPRIVATEANDVERYIMPORTANTDATA );
// Now encrypt the ticket.
//现在加密票证。
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
字符串加密的票= FormsAuthentication.Encrypt(authTicket);
// Create a cookie and add the encrypted ticket to the cookie as data.
//创建一个cookie并将加密的票证添加为该cookie作为数据。
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName,encryptedTicket);
HttpCookie authCookie =新的HttpCookie(FormsAuthentication.FormsCookieName,encryptedTicket);
...that was written in .NET 1.1. (FYI - It could have just as easily been written in .NET 2.0, there's nothing special here, but I want to write this code to support (be run under) both 1.1 and 2.0.)
...是用.NET 1.1编写的。 (仅供参考-它可以很容易地在.NET 2.0中编写,这里没有什么特别的地方,但是我想编写此代码来支持(在1.1和2.0下运行)。)
The built-in ASP.NET helper functions SetAuthCookie and GetAuthCookie have been expanded to handle Cookieless formsauth in .NET 2.0. So, if I used have used these methods in 1.1 I'd get the new funcitonality when my app was run under 2.0. However, I wanted to include UserData - extra encrypted context stuff - in my FormsAuthenticatonTicket, so the only choice was to issue the cookie myself.
内置的ASP.NET帮助器函数SetAuthCookie和GetAuthCookie已扩展为处理.NET 2.0中的Cookieless Formsauth。 因此,如果我在1.1中使用了这些方法,那么当我的应用程序在2.0下运行时,我将获得新的功能。 但是,我想在FormsAuthenticatonTicket中包含UserData(额外的加密上下文内容),因此唯一的选择是自己发出cookie。
For many of us, the promise of a cookieless Session AND cookieless FormsAuthentication is very exciting:
对于我们许多人而言,无cookie会话和无cookie FormsAuthentication的承诺非常令人兴奋:
<sessionState cookieless="true"/>
<authentication mode="Forms">
<forms name=".SOMEAUTH"
loginUrl="default.aspx"
protection="All"
timeout="30"
path="/Whatever"
requireSSL="false"
slidingExpiration="true"
defaultUrl="default.aspx"cookieless="UseUri" />
</authentication>
<sessionState cookieless =“ true” /> <authentication mode =“表格”> <forms name =“。SOMEAUTH” loginUrl =“ default.aspx” protection =“全部” 超时=“ 30” path =“ /随便” requireSSL =“ false” slideExpiration =“ true” defaultUrl =“ default.aspx” cookieless =“ UseUri” /> </ authentication>
If you issue your own cookie like I do, adding it to Response.Cookies yourself as I do, your ASP.NET application won't get cookieless FormsAuthentication.
如果像我一样发布自己的cookie,并将其添加到Response.Cookies中,就像我一样,您的ASP.NET应用程序将不会获得无cookie的FormsAuthentication。
The problem is, System.Web.Security.FormsAuthentication.SetAuthCookie(String, Boolean) doesn’t allow the setting of UserData. (only String.Empty is passed in on creation of the ticket)
问题是System.Web.Security.FormsAuthentication.SetAuthCookie(String,Boolean)不允许设置UserData 。 (仅在创建票证时传递String.Empty)
To be clear – if I could use SetAuthCookie and GetAuthCookie (the public static interfaces) I'd have been fine and received the new functionality. However, the UserData support is where this important scenario falls down. I thought I could roll this myself, but all the classes I need are very internal and more than a little icky.
需要明确的是–如果我可以使用SetAuthCookie和GetAuthCookie(公共静态接口),我会很好的,并获得了新功能。 但是,UserData支持是此重要方案失败的地方。 我以为自己可以自己动手做,但是我需要的所有课程都是非常内部的,有些讨厌。
A Microsoft ASP.NET insider said:
一位Microsoft ASP.NET内部人士说:
There isn't an API that allows the use of UserData with cookieless tickets. Unfortunately UserData was [not included] in the cookieless forms auth implementation.
没有一个API允许将UserData与无cookie票证一起使用。 不幸的是,UserData没有包含在无cookie表单身份验证实现中。
Conclusion: If you want cookieless FormsAuthentication you must use SetAuthCookie. Full stop. Until then I will find somewhere else to store my UserData.
结论:如果需要无cookie的FormsAuthentication,则必须使用SetAuthCookie 。 句号在那之前,我将在其他地方存储我的UserData。