MVC - Forms Authentication, IFrame cookies, dynamic Cookieless mode

I have a WebApplicatoon which some of my customers would like to use within an IFrame. However because saving cookies within IFrame's in Internet Explorer is not supported my Forms authentication doesn't.

I can easily solve this by adding

<forms loginUrl="~/Account/LogOn" timeout="2880" cookieless="UseUri" />

However since my site shows its current url (as any web page does) when it runs outside an iframe this results in some VERY ugly Urls.

So my thought is. Is there any way to solve the IFrame cookie issue with IE (and Safari) without adding P3P headers.

If this is not possible, is there then any way to change the Cookieless mode from code ? Iam thinking of having a IFrame Route which then enables cookieless mode. Something like http://www.mypage.com/IFrame/Account/Login. Since this Route is only used within IFrame's the URL doesnt matter.

Does anyone ha开发者_运维技巧ve a good solution for this ?

This post has solved my problems: http://www.quickstepit.net/internet-explorer-iframe-cookies-mvc3/

I just needed to add a code on ApplicationRequest, without change "forms" tag in web.config.

  <forms loginUrl="~/Home/Index" timeout="2880" />

protected void Application_BeginRequest(object sender, EventArgs e)
    {
        // Source: http://www.quickstepit.net/internet-explorer-iframe-cookies-mvc3/
        HttpContext.Current.Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
    }

I wish that help you! See ya.

See this post for proper way of resolving the issue:

Cookie blocked/not saved in IFRAME in Internet Explorer

According to the response "The tags are not only a bunch of bits, they have real world meanings, and their use gives you real world responsibilities!". Improper use of tags may have legal consequences.