Default MVC 5 Cookie Protection
I launched a new MVC 5 app in VS2013 (using Authentication = Individual User Accounts in the wizard).
I look at my web.config file and it says:
<authentication mode="None" />
However, I can clearly create an account and login to my site. So it's a bit of a mystery. I read that if I were to use forms based authentication, I would need to mark my SSL-only cookies for my site to be safe (it was only working with SSL yesterday).
Is there a similar step if Authentication Mode is set to No?
What does "No" mean in this context, since I can clearly authenticate to my site?
I am hosting on Azure if it matters, but I suppose it is not.
source to share
MVC5 no longer uses authentication. It uses the asp.net Identity System OWIN middleware to handle authentication files. You will be able to see the configurations related to authentication in the file Startup.Auth.cs
located in the App_Start folder.
<authentication mode="None" />
Authentication Mode is set to None when using personal MVC5 accounts (not any other old / formal authentication). This means the old web.config authentication configurations are no longer available on MVC5 with the asp.net authentication system.
If you were using Windows MVC5 Authentication then windows will execute for Authentication Mode
<authentication mode="Windows" />
Nothing to worry about hosting on azure as we have hosted and manage multiple mvc5 cookie based authentication applications on azure without any issue.
Also you will notice there is different configuration in web.config as shown below.
<modules>
<remove name="FormsAuthentication" />
</modules>
This is to remove the HTTP module, which is no longer needed when using MVC5 individual account credentials.
source to share