Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
CookieProtectionValue Property

Roles.CookieProtectionValue Property

Gets a value that indicates how role names cached in a cookie are protected.

Namespace:  System.Web.Security
Assembly:  System.Web (in System.Web.dll)

public static CookieProtection CookieProtectionValue { get; }

Property Value

Type: System.Web.Security.CookieProtection
One of the CookieProtection enumeration values indicating how role names that are cached in a cookie are protected. The default is All.

You can specify the protection of the cookie where roles are cached for your application by setting the cookieProtection attribute in the Web.config file for your ASP.NET application. The cookieProtection attribute takes a CookieProtection enumeration value that indicates whether the role names are encrypted, validated, both, or neither.

The following example shows the roleManager element in the system.web section of the Web.config file for an ASP.NET application. It specifies that the application uses a SqlRoleProvider instance and sets cookieProtection attribute to Encrypted.

<roleManager defaultProvider="SqlProvider" 
  enabled="true"
  cacheRolesInCookie="true"
  cookieName=".ASPROLES"
  cookieTimeout="30"
  cookiePath="/MyApplication"
  cookieRequireSSL="false"
  cookieSlidingExpiration="true"
  cookieProtection="Encrypted" >
  <providers>
    <add
      name="SqlProvider"
      type="System.Web.Security.SqlRoleProvider"
      connectionStringName="SqlServices"
      applicationName="MyApplication" />
  </providers>
</roleManager>

.NET Framework

Supported in: 4.6, 4.5, 4, 3.5, 3.0, 2.0
Show:
© 2015 Microsoft