Configure the Cookie Mode for Forms Authentication (IIS 7)
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
You can choose one of the following cookie modes for your site or application.
| Mode | Description |
|---|---|
Use cookies |
Cookies are always used regardless of device. |
Do not use cookies |
Cookies are not used. |
Auto Detect |
Cookies are used if the device profile supports cookies. Otherwise, no cookies are used. For desktop browsers that are known to support cookies, ASP.NET checks to determine whether cookies are enabled. This is the default setting. |
Use device profile |
Cookies are used if the device profile supports cookies. Otherwise, no cookies are used. ASP.NET does not check to determine whether cookies are enabled on devices that support cookies. This is the default setting for IIS 7. |
Important
The Do not use cookies mode has security implications that you should consider before choosing that mode. For more information, see Configure Use URI Cookie Mode for Session State (IIS 7)
Prerequisites
For information about the levels at which you can perform this procedure, and the modules, handlers, and permissions that are required to perform this procedure, see Authentication Feature Requirements (IIS 7).
Exceptions to Feature Requirements
- None
Modules
- FormsAuthenticationModule
To configure the cookie mode for Forms authentication
You can perform this procedure by using the user interface (UI), by running Appcmd.exe commands in a command-line window, by editing configuration files directly, or by writing WMI scripts.
User Interface
To use the UI
Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).
In Features View, double-click Authentication.
On the Authentication page, select Forms Authentication.
In the Actions pane, click Edit.
In the Edit Forms Authentication Settings dialog box, select the cookie mode you want to use from the Mode drop-down list in the Cookie settings area, and then click OK.
Command Line
To configure the cookie mode for Forms authentication, use the following syntax:
appcmd set config /commit:WEBROOT /section:system.web/authentication /forms.cookieless: UseUri | UseCookies | AutoDetect | UseDeviceProfile
The default value for forms.cookieless is UseDeviceProfile. For example, to configure the cookie mode for Forms authentication to use the setting Use Device Profile, type the following at the command prompt, and then press ENTER:
appcmd set config /commit:WEBROOT /section:system.web/authentication /forms.cookieless:UseDeviceProfile
Note
When you use Appcmd.exe to configure the authentication element at the global level in IIS 7, you must specify /commit:WEBROOT in the command so that configuration changes are made to the root Web.config file instead of ApplicationHost.config.
For more information about Appcmd.exe, see Appcmd.exe (IIS 7).
Configuration
The procedure in this topic affects the following configuration elements:
<forms> under <authentication> under <system.web>
For more information about IIS 7 configuration, see IIS 7.0: IIS Settings Schema on MSDN.
WMI
Use the following WMI classes, methods, or properties to perform this procedure:
- FormsAuthenticationConfiguration.Cookieless property
For more information about WMI and IIS, see Windows Management Instrumentation (WMI) in IIS 7. For more information about the classes, methods, or properties associated with this procedure, see the IIS WMI Provider Reference on the MSDN site.