FormsProtectionEnum Enum

Reference

Definition

Namespace:: System.Web.Configuration

Assembly:: System.Web.dll

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Defines the type of encryption, if any, to use for cookies.

public enum class FormsProtectionEnum

public enum FormsProtectionEnum

type FormsProtectionEnum =

Public Enum FormsProtectionEnum

Inheritance: Object

ValueType

Enum
FormsProtectionEnum

Fields

Name	Value	Description
All	0	Specifies that the application use both data validation and encryption to help protect cookies. This option uses the configured data-validation algorithm (based on the `machineKey` element). Triple-DES (3DES) is used for encryption, if it is available and if the key is at least 48 bytes long. `All` is the default (and recommended) value.
None	1	Specifies that both encryption and validation are disabled for sites that use cookies only for personalization and thus have weaker security requirements. Using cookies in this manner is not recommended; however, it is the least resource-intensive way to enable personalization using the .NET Framework.
Encryption	2	Specifies that cookies are encrypted using Triple-DES or DES, but data validation is not performed on cookies. Cookies used this way might be subject to chosen plaintext security attacks.
Validation	3	Specifies that the application use a validation scheme to verify that the contents of an encrypted cookie have not been altered in transit. The cookie is created by concatenating a validation key with the cookie data, computing a Message Authentication Code (MAC), and appending the MAC to the outgoing cookie.

Examples

The following example shows how to use the FormsProtectionEnum enumeration. Refer to the code example in the FormsAuthenticationConfiguration class to learn how to get the section.

// Get the current Protection.
FormsProtectionEnum currentProtection =
    formsAuthentication.Protection;

// Set the Protection property.
formsAuthentication.Protection =
    FormsProtectionEnum.All;

' Get the current Protection.
Dim currentProtection As FormsProtectionEnum =
formsAuthentication.Protection

' Set the Protection property.
formsAuthentication.Protection = FormsProtectionEnum.All

Remarks

If you select the All value, the system uses the configured data-validation algorithm, based on the machineKey tag. This is the default and recommended value.

If you select None, cookies might be subject to plaintext attacks.

If you select Validation, the cookie is created using cookie validation by concatenating a validation key with the cookie data, computing a Message Authentication Code (MAC), and appending the MAC to the outgoing cookie.

Applies to

Share via