
P3P Privacy settings w/Forms Authentication


pjoyce
10-09-2003, 05:40 AM
Hi all,

Some of my users are having trouble logging in, which I believe has to do with cookies and privacy settings. .NET forms authentication uses a cookie and by default IIS6.0 is set to high security which rejects cookies with no compact privacy policy. I've tried a few things to set this up, but to no avail. Has anybody else tried this? There isn't a huge amount of useful information on MSDN or GotDotNet or 4GuysFromRolla.

One piece of information is that you must add the P3P header item. I have tried this in code (Request.AppendHeader("P3P","DEM NOM...")) in the OnLoad() event, but when I turn Trace on it doesn't appear to be there. I have tried just adding a header "MyHeader", and that doesn't show up. I suspect I am doing it at the wrong point, either too early or too late.

Does anybody have any experience either with P3P Compact policies in .NET, Forms Authentication or adding custom headers? Anything would be appreciated.

BTW, DiscountAsp.net exhibits this same behaviour. If you set your browser privacy settings to high, you can't log in to the control panel.

Thanks,

Peter.

bruce
10-10-2003, 12:24 PM
Peter,

Yes. ASP.net requires a cookie by default to track the session.

You can configure this behavior in the web.config to not use cookies.

See this post by Steurm

http://forum.discountasp.net/topic.asp?TOPIC_ID=313


pjoyce
10-11-2003, 06:31 AM
I think I put a little too much information into my first post. Forms authentication uses cookies and I need to use that cookie in my authentication scheme. The crux of the problem is that I can't seem to get ASP.NET to add a header using Response.AddHeader() or Response.AppendHeader(). MS documentation says:

"The header can be added to an ASP.NET page using Microsoft® Visual Basic® Scripting Edition (VBScript) with the following code. It should be placed in the ASP.NET page before any of the body of the response is written."

    Response.AddHeader("P3P","CP=\"TST\"");

When I do that, even doing it as the first line of the ASP.NET page, the header does not show up. Any thoughts?

Thanks,

Peter.

pjoyce
10-12-2003, 02:44 AM
I'm having a bit of a conversation with myself here, but I did manage to get the headers to work. In point of fact they were working all along, it's just that I could never get them back. I had to telnet in in order to see them. That done, it's still not working correctly. When users have their IE6 privacy setting on "High," they can't log in and see a blocked cookie. I may have to give it up, but if anyone has successfully implemented a compact privacy policy along with forms authentication, please drop me an e-mail or better yet reply to this thread so everybody can learn from it.

Cheers!

Peter.
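
Added example, not part of the original thread: a Python check over a raw response head, like the one seen over telnet in the last post, that reports whether a response setting cookies also carries a P3P compact policy. The sample responses, the cookie value and the function names are constructed for illustration; `TST` is the placeholder policy from the snippet quoted in the thread.

```python
import re

# Constructed sample: a login response head as it would appear in a raw telnet
# session. The cookie value is a placeholder; CP="TST" is the thread's placeholder.
SAMPLE_WITH_P3P = (
    "HTTP/1.1 302 Found\r\n"
    "Location: /default.aspx\r\n"
    'P3P: CP="TST"\r\n'
    "Set-Cookie: .ASPXAUTH=PLACEHOLDER; path=/\r\n"
    "\r\n"
)
SAMPLE_WITHOUT_P3P = SAMPLE_WITH_P3P.replace('P3P: CP="TST"\r\n', "")


def parse_head(raw):
    """Return (status_line, [(lowercased header name, value), ...])."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = []
    for line in lines[1:]:
        if ":" not in line:
            continue  # skip anything that is not a header line
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def compact_policy(headers):
    """Return the CP tokens from the P3P header, or None if absent or malformed."""
    for name, value in headers:
        if name == "p3p":
            match = re.search(r'CP\s*=\s*"([^"]*)"', value, re.IGNORECASE)
            if match:
                return match.group(1).split()
    return None


def check_response(raw):
    """Flag a response that sets cookies without sending a compact policy."""
    status, headers = parse_head(raw)
    cookies = [v.split("=", 1)[0] for n, v in headers if n == "set-cookie"]
    tokens = compact_policy(headers)
    return {"status": status, "cookies": cookies, "cp_tokens": tokens,
            "cookie_without_policy": bool(cookies) and not tokens}


if __name__ == "__main__":
    for sample in (SAMPLE_WITH_P3P, SAMPLE_WITHOUT_P3P):
        print(check_response(sample))
```

Run it against the head of the response that actually issues the authentication cookie, since that is the response whose headers the browser evaluates for that cookie.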