Jan. 10, 2011, 7:56 p.m.
posted by rad
Anonymous identification is another new feature in ASP.NET 2.0. The goal of the feature is to provide a unique identification to users who are not authenticated. The feature is not tied in any way to security but is rather a simple mechanism to assign a guaranteed unique ID to anonymous users. After authentication, the anonymous ID is removed from the request.
Anonymous identification is not enabled by default. To enable it you must either add an entry to your web.config file or modify machine.config. Below is a web.config that enables the anonymous identification feature:
<configuration> <system.web> <anonymousIdentification enabled="true" /> </system.web> </configuration>
Enabling the feature is simple. There are, however, several other attributes that can be set, as shown in Listing 7.8.
Configuring Anonymous Identification
<configuration> <system.web> <anonymousIdentification enabled="true" cookieName=".ASPXANONYMOUS" cookieTimeout="100000" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="None" cookieless="UseCookies" /> </system.web> </configuration>
As you can see, a Boolean-enabled attribute is used to enable the feature. When enabled, anonymous identification will use a cookie to store the anonymous ID. If you do not wish to use a cookie or do not know if the end user browser supports cookies, you can also set one of the following values for cookieless:
However, UseCookies (shown in Listing 7.8) is the recommended choice. This option is less intrusive; that is, the ID is not embedded in the URL, and nearly all users accept cookies. When using the AutoDetect option, keep in mind that ASP.NET will need to test the incoming request to see whether cookies are supported.
Once anonymous identification is enabled, unauthenticated requests are assigned an anonymous ID. This is different than the Session ID. The Session ID is a relatively small identifier and is guaranteed to be unique only for the duration of the session; the anonymous ID value is a GUID and is guaranteed to be globally unique.
The anonymous ID is accessed through the new Request.AnonymousId property. Although the anonymous ID is a GUID, the ASP.NET team decided to make the return value type string—more users are familiar with working with string than GUIDs.
Anonymous Identification Events
Two events are raised by anonymous identification.
As we'll see shortly, the AnonymousIdentification_OnRemove event is important since we use it in conjunction with Personalization to allow for the migration of anonymous personalization data.