Export (0) Print
Expand All
Expand Minimize
This topic has not yet been rated - Rate this topic

FormsProtectionEnum Enumeration

Defines the type of encryption, if any, to use for cookies.

Namespace:  System.Web.Configuration
Assembly:  System.Web (in System.Web.dll)
public enum FormsProtectionEnum
Member nameDescription
AllSpecifies that the application use both data validation and encryption to help protect cookies. This option uses the configured data-validation algorithm (based on the machineKey element). Triple-DES (3DES) is used for encryption, if it is available and if the key is at least 48 bytes long. All is the default (and recommended) value.
EncryptionSpecifies that cookies are encrypted using Triple-DES or DES, but data validation is not performed on cookies. Cookies used this way might be subject to chosen plaintext security attacks.
NoneSpecifies that both encryption and validation are disabled for sites that use cookies only for personalization and thus have weaker security requirements. Using cookies in this manner is not recommended; however, it is the least resource-intensive way to enable personalization using the .NET Framework.
ValidationSpecifies that the application use a validation scheme to verify that the contents of an encrypted cookie have not been altered in transit. The cookie is created by concatenating a validation key with the cookie data, computing a Message Authentication Code (MAC), and appending the MAC to the outgoing cookie.

If you select the All value, the system uses the configured data-validation algorithm, based on the machineKey Element (ASP.NET Settings Schema) tag. This is the default, and recommended, value.

If you select None, cookies might be subject to plaintext attacks.

If you select Validation, the cookie is created using cookie validation by concatenating a validation key with the cookie data, computing a Message Authentication Code (MAC), and appending the MAC to the outgoing cookie.

The following code example shows how to use the FormsProtectionEnum enumeration. Refer to the code example in the FormsAuthenticationConfiguration class topic to learn how to get the section.

            // Get the current Protection.
            FormsProtectionEnum currentProtection = 

            // Set the Protection property.
            formsAuthentication.Protection = 

.NET Framework

Supported in: 4.5.1, 4.5, 4, 3.5, 3.0, 2.0, 1.1, 1.0

Windows Phone 8.1, Windows Phone 8, Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
© 2014 Microsoft. All rights reserved.