Sign In

Subscribe

Return to HomePage

Does the code persist role manager cookies?

Applies To

* ASP.NET 2.0

Description

Make sure that the roles cookie is not stored on the client by setting the createPersistentCookie attribute to false.

The code should not persist role manager cookies because they are stored in the user's profile and can be stolen if an attacker gains physical access to the user's computer. Role manager cookies can reveal sensitive information about your application's role structure that an attacker can exploit.

The application should not contain code similar to the following example.

		 <system.web>
		  <roleManager createPersistentCookie="true" ... />
		 </system.web>

Instead, the application should contain code similar to the following.

		 <system.web>
		  <roleManager createPersistentCookie="false" ... />
		 </system.web>

Additional Resources

* For more information see, "How To: Use Role Manager in ASP.NET 2.0" at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000013.asp

Related Items

Return to HomePage

- History
  
  Modified By: System
  
  Apr 30th, 2008 @ 11:00 AM
  
  Views (0)
- Share
  - Del.icio.us
  - Digg
  - FriendFeed
  - Facebook
Markup Quick Guide

*bold*

_italics_

+underline+

! Heading 1

!! Heading 2

* Bullet List

** Bullet List 2

# Number List

## Number List 2

[another wiki page]

[url:http://www.example.com]

[image:example.gif]

{"Do not apply formatting"}

Channel 9: C9 Conversations: Brian Beckman on Complexity [C9 Conversations: Brian Beckman on Complexity]
Channel 10: Black Friday Deals on Windows 7 Machines
Channel 10: Holiday Shopping on Bing Cashback = Big Online Savings
Channel 10: Black Friday Deals at the Microsoft Store
Channel 10: Incredible Black Friday Deal: Windows 7 Notebook for $197
ASP.NET: Presenting in Europe Next Week
TechNet Edge: AlignIT IT Manager Podcast #30 - Straight Talk about Windows 7
WindowsClient: You know your post rate has gone down...
Silverlight: Geek Profiles – Scott Guthrie
Channel 9: C9 Lectures: Dr. Erik Meijer - Functional Programming Fundamentals Chapter 9 of 13
TechNet Edge: Managing Your Virtual World - Tech Focus November 2009 Part 2
ASP.NET: Silverlight and RIA Services: Implementing Search
Channel 9: C9 Lectures: Brian Beckman - Covariance and Contravariance in Physics 1 of 1
Channel 9: Set Your Data Free
Channel 9: Implementing a Silverlight SharePoint WebPart with Visual Studio 2010
WindowsClient: New WPF Showcase Addition: Enterprise
Channel 9: Reactive Extensions API in depth: Contract
WindowsClient: Concluding "New WPF Features" Series
WindowsClient: Introduction to TestApi – Part 5: Managed Code Fault Injection APIs
ASP.NET: T4MVC now has a real home and a dedicated forum!
close

Microsoft Communities