I have a requirement to implement Authentication in an ASP.NET website (public website, not intranet). But the client does not want to enable cookies; they do not even want URL rewriting. Is there a way to achieve Form Authentication satisfying the above conditions? Or is there any other kind of Authentication suitable for this scenario?
Well, if you are using something like AngularJS, you can keep the token in JavaScript and pass it back and forth.
https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/
However, if you need to stay purely in the realm of ASP.NET and you won't be using any MVVM frontend framework, then cookies or URL rewriting are the only 2 options I am aware of. Well, only 2 plausible options I am aware of. There are some other ways I know, but they violate many security principles.
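The token-in-JavaScript approach from the answer above, as an added example that is not part of the original thread: the token lives only in a closure and travels in the `Authorization` header, never in a cookie or the URL. `createTokenSession`, `fakeServerStatus`, the `https://app.example` origin and the token value are hypothetical names constructed for illustration.

```javascript
// Added example; all names, paths and token values here are constructed.
function createTokenSession(apiOrigin) {
  let token = null; // held in a closure only: no cookie, no URL, gone on page reload

  return {
    // Call with the token taken from the login response body.
    setToken(value) { token = value; },
    clear() { token = null; },
    isAuthenticated() { return token !== null; },

    // Returns a copy of the request with the Authorization header added.
    // The token is attached only to the application's own origin, so it is
    // not sent to third-party hosts, and it never goes into the URL.
    attach(request) {
      const url = new URL(request.url, apiOrigin);
      const headers = Object.assign({}, request.headers);
      if (token !== null && url.origin === apiOrigin) {
        headers.Authorization = 'Bearer ' + token;
      }
      return Object.assign({}, request, { url: url.href, headers });
    },

    // A 401 means the server no longer accepts the token: drop it and log in again.
    handleStatus(status) {
      if (status === 401) token = null;
      return status;
    },
  };
}

// Constructed stand-in for the server-side check, so the example runs offline.
// A real server would validate a signed or randomly generated token.
function fakeServerStatus(request, validTokens) {
  const m = /^Bearer (\S+)$/.exec(request.headers.Authorization || '');
  return m !== null && validTokens.has(m[1]) ? 200 : 401;
}
```

In a browser, the object returned by `attach` would supply the `headers` option for `fetch` or the equivalent AngularJS `$http` call. Because the token is reachable from script, any XSS on the page can read it, so output encoding and a Content Security Policy matter more here than with an HttpOnly cookie.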