开发者

How does IIS persist a user's identity from page to page in an ASP.net application?

Web pages are, by nature, state-less objects. When you click from page to page in an ASP.net application, each request for a page is treated as a brand-new request. We use things like cookies, session-variables, and query开发者_开发知识库 strings to maintain state from page to page.

When you log in to an ASP.net web application using Windows Authentication, how does IIS persist your identity between pages?


If you use something like Fiddler2, or any other web proxy tool, you can look at the header and see that for Windows Integrated Authentication, it gets the domain/username from the header, so it is able to know who you are, and then it will probably be using a session to help keep state between pages.


Session is identified usually by a cookie (the 'session cookie') unless you set your app to be "cookieless", in which case the identifier is in the url.

http://msdn.microsoft.com/en-us/library/aa479314.aspx


The browser "helps out" in the case of domain authentication. Instead of asking you on every request, it remembers what you entered the first time and keeps re-sending it along with every request for that site.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜