Upgrade your Internet Experience
Microsoft.com
Welcome Sign in
.NET Framework Developer Center
Click to Rate and Give Feedback
MSDN
MSDN Library
.NET Development
.NET Framework 3.5
ASP.NET Reference
 <anonymousIdentification>

  Switch on low bandwidth view
This page is specific to
Microsoft Visual Studio 2008/.NET Framework 3.5

Other versions are also available for the following:
.NET Framework General Reference
anonymousIdentification Element (ASP.NET Settings Schema)

Configures anonymous identification for application authorization. This is required to identify entities that are not authenticated when authorization is required.

This element is new in the .NET Framework version 2.0.

configuration Element (General Settings Schema)
  system.web Element (ASP.NET Settings Schema)
    anonymousIdentification Element (ASP.NET Settings Schema)
<anonymousIdentification  
   enabled="[true | false]"
   cookieless="[UseUri | UseCookies | AutoDetect | UseDeviceProfile]"
   cookieName=""
   cookiePath=""
   cookieProtection="[None | Validation | Encryption | All]"
   cookieRequireSSL="[true | false]"
   cookieSlidingExpiration="[true | false]"
   cookieTimeout="[DD.HH:MM:SS]"
   domain="cookie domain"
/>

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute

Description

cookieless

Specifies whether to use cookies for a Web application. The HttpCookieMode enumeration is used to specify the value for this attribute in the configuration section. It is used by all features that support cookieless authentication. When the AutoDetect()()() value is specified, ASP.NET queries the browser or device to determine whether it supports cookies. If the browser or device supports cookies, cookies are used to persist user data; otherwise, an identifier is used in the query string.

NoteNote:
When you configure an AJAX-enabled ASP.NET Web site, use only the default value of UseCookies for the cookieless attribute. Settings that use cookies encoded in the URL are not supported by the ASP.NET AJAX client script libraries.

This attribute can be one of the following possible values.

Value Description
AutoDetect Specifies that ASP.NET determines whether the requesting browser or device supports cookies. If the requesting browser or device supports cookies, AutoDetect uses cookies to persist user data; otherwise, an identifier is used in the query string. If the browser or device supports the cookies, but cookies are currently disabled, cookies are still used by the requesting feature.
UseCookies Specifies that cookies are used to persist user data, regardless of whether the browser or device supports cookies. This is the default.
UseDeviceProfile Specifies that ASP.NET determines whether to use cookies based on the HttpBrowserCapabilities setting. If the setting indicates that the browser or device supports cookies, cookies are used; otherwise, an identifier is used in the query string.
UseUri Specifies that the calling feature uses the query string to store an identifier, regardless of whether the browser or device supports cookies.

The default is "UseCookies".

cookieName

Specifies the name that is assigned to the cookie.

The default value is ".ASPXANONYMOUS".

cookiePath

Specifies the path to the directory where the cookie is stored. The path is case-sensitive.

The default is the root directory that is specified by "/".

cookieProtection

Specifies the cookie protection scheme.

This attribute can be one of the following possible values.

Value Description
All Specifies that both the Validation()()() and Encryption()()() values are used to protect the information in the cookie.
Encryption Encrypts the information in the cookie.
None Specifies that the cookie information is not protected. Information in the cookie is stored in clear text and is not validated when the information is sent back to the server.
Validation Ensures that the information in the cookie has not been altered before the information is sent back to the server.

The default is "Validation".

cookieRequireSSL

Specifies whether the cookie requires a Secure Sockets Layer (SSL) connection when it is transmitted to the client. Because ASP.NET sets the authentication cookie property, Secure()()(), the client does not return the cookie unless an SSL connection is in use.

The default is false.

cookieSlidingExpiration

Required Boolean attribute.

Specifies whether the cookie timeout is reset at each request or at a predefined fixed time interval. If true, the cookie timeout occurs when less than 50 percent of the Time to Live (TTL) remains. If false, the cookie times out after the cookieTimeout duration has passed.

The default is true.

cookieTimeout

Required TimeSpan attribute.

Specifies the cookie expiration time interval, in minutes.

The default is 100000 minutes (69 days, 10 hours, and 40 minutes).

The maximum value is 2 years.

domain

Specifies the cookie domain. This attribute allows the anonymous identification cookie to be shared across domains that have a common DNS namespace (for example, all sites that end in contoso.com). To share anonymous identification cookies, the sites must share common decryption and validation keys. Other anonymous identification configuration attributes, such as cookiePath and cookieName, must be the same for all the sites. For more information, see HttpCookie.

The default is an empty string ("").

enabled

Optional Boolean attribute.

Specifies whether anonymous identification is enabled. If true, a cookie (or cookieless value) is used to manage the user's anonymous identifier.

The default is false.

Child Elements

None.

Parent Elements

Element

Description

configuration

Specifies the required root element in every configuration file that is used by the common language runtime and the .NET Framework applications.

system.web

Specifies the root element for the ASP.NET configuration settings in a configuration file and contains elements that configure ASP.NET Web applications and control how the applications behave.

The <anonymousIdentification> element configures anonymous identification for application authorization. This is required to identify entities that are not authenticated when you use the Profile feature.

You can exceed the maximum size of the URI when you send the anonymous identification ticket in the URI. If the combination of the anonymous identification ticket, forms authentication ticket, session ID, and user data is greater than the maximum permissible URI length, the request will fail with a 400-Bad Request error.

Default Configuration

The following default <anonymousIdentification> element is not explicitly configured in the Machine.config file or in the root Web.config file. However, it is the default configuration that is returned by an application. 

<anonymousIdentification 
   enabled="false" 
   cookieName=".ASPXANONYMOUS" 
   cookieTimeout="100000"    
   cookiePath="/" 
   cookieRequireSSL="false" 
   cookieSlidingExpiration="true" 
   cookieProtection="Validation"    
   cookieless="UseCookies" 
   domain="" 
/>

The following code example demonstrates how to configure a site for anonymous identification. 

<configuration>
    <system.web>
      <anonymousIdentification 
        enabled="true"
        cookieless="UseCookies"
        cookieName=".ASPXANONYMOUS"
        cookieTimeout="30"
        cookiePath="/"
        cookieRequireSSL="false"
        cookieSlidingExpiration = "true"
        cookieProtection="Clear"
      />
    </system.web>
</configuration>

Configuration section handler

AnonymousIdentificationSection

Configuration member

AnonymousIdentification()()()

Configurable locations

Machine.config

Root-level Web.config

Application-level Web.config

Requirements

Microsoft Internet Information Services (IIS) versions 5.0, 5.1, or 6.0

The .NET Framework version 2.0

Microsoft Visual Studio 2003 or Visual Studio 2005

Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
© 2009 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker