This is a mirror of official site: http://jasper-net.blogspot.com/

Using Forms Authentication in ASP.NET

Monday, June 14, 2010
Classic ASP developers often had to "roll their own" authentication scheme. In ASP.NET, much of the grunt work has been taken out. This article outlines how things have changed and how FormsAuthentication can be used to secure a Web site with a minimal amount of code.

In classic ASP, authentication was pretty much all or nothing. Either you were using integrated security (often referred to as the Microsoft Windows NT LAN Manager [NTLM] challenge/response authentication protocol), Basic (referred to as clear text), or you had created your own type of authentication. This was often an arduous task. Forms Authentication allows you to store the authentication information, such as username and password, in the Web.config file, or you can still use your own method, such as a database, eXtensible Markup Language (XML) file, or text file. The great thing about forms authentication is you no longer have to program the state-tracking portion. ASP.NET does it for you!

Forms Authentication Background


Forms authentication uses cookies to allow applications to track users throughout their visit. The way ASP.NET handles forms authentication is probably very similar to the methods you have used in classic ASP. When a user logs in via forms authentication, a cookie is created and used to track the user throughout the site. If a user who has not logged in requests a secure page, the user is redirected to the login page. Once successfully authenticated, the user is redirected to the originally requested page.

Standard Forms Authentication Setup


Pages used: Default.aspx, Login.aspx, Web.config

In the standard method of Forms Authentication, all user information is stored in the Web.config.

Create a folder named standardForms under your webroot.

Make this folder an application inside the Internet Services Manager. (This should be familiar territory if you ever used the Global.asa in ASP.)

Web.config Overview


The Web.config contains all of the configuration settings for an ASP.NET application. The idea is to put the control of the Web application in the hands of the developer rather than the system administrator. There are lots of options you can use here. This article details only the ones specific to Forms Authentication today.
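
A sketch of what the Forms Authentication part of Web.config can look like for the standardForms application, added here as an example and not taken from the original article's download. The cookie name, timeout, user name and password values are assumptions made for illustration; the clear-text credential form is shown in a comment next to the hashed form.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- loginUrl: where unauthenticated requests are redirected.
           protection="All": the authentication cookie is encrypted and validated.
           requireSSL="true": the cookie is only sent over HTTPS.
           name and timeout (minutes) are assumed values for this example. -->
      <forms name=".STANDARDFORMS" loginUrl="Login.aspx" protection="All"
             timeout="20" path="/" requireSSL="true" slidingExpiration="true">
        <!-- Weak form: anyone who can read Web.config reads the password.
             <credentials passwordFormat="Clear">
               <user name="demo" password="constructed-example-password" />
             </credentials>
        -->
        <!-- Hashed form: store only the SHA1 hex digest of the password.
             SHA1 here is unsalted, so a database with salted hashes is the
             stronger choice once there is more than a handful of users. -->
        <credentials passwordFormat="SHA1">
          <user name="demo" password="REPLACE_WITH_SHA1_HEX_DIGEST" />
        </credentials>
      </forms>
    </authentication>
    <authorization>
      <!-- "?" means anonymous users: every page in this application
           requires a login, and Login.aspx stays reachable. -->
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
```

The digest for the `password` attribute can be produced with `FormsAuthentication.HashPasswordForStoringInConfigFile`, and Login.aspx can check a submitted name and password against this section with `FormsAuthentication.Authenticate`.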

Read more: 15 seconds
