ASP.NET窗体身份验证不使用 SessionState会。它使用Cookie来存储身份验证票。

ASP.NET Forms authentication does not use SessionState. It uses a cookie to store the authentication ticket.

您也可以强制身份验证票证通过SSL通道通过编辑发送的web.config 文件。

You can also force the authentication ticket to be sent over SSL channel by editing the web.config file.

所有您需要的功能可内置于ASP.NET。

All the functionality you need is available built-in in ASP.NET.

http://msdn.microsoft.com/en-us/library/aa480476.aspx