Can you explain Forms authentication in detail

Q

Can you explain Forms authentication in detail ?

✍: Guest

A

In old ASP if you where said to create a login page and do authentication you have to do hell lot of custom coding. But now in ASP.NET that’s made easy by introducing Forms authentication. So let’s see in detail what form authentication is.
Forms authentication uses a ticket cookie to see that user is authenticated or not. That means when user is authenticated first time a cookie is set to tell that this user is authenticated. If the cookies expire then Forms authentication mechanism sends the user to the login page.
Following are the steps which defines steps for Forms authentication :-
1. Configure Web.config file with forms authentication. As shown below in the config file you can see we have give the cookie name and loginurl page.

<configuration>
<system.web>
<!-- Other settings omitted. -->
<authentication mode="Forms">
<forms name="logincookies"
loginUrl="login.aspx"
protection="All"
timeout="30"
path="/" />
</authentication>
</system.web>
</configuration>

2. Remove anonymous access to the IIS web application, following are changes done to web.config file.

<configuration>
<system.web>
<!-- Other settings omitted. -->
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

3. Create the login page which will accept user information. You will have create your login page that is the Login.aspx which will actually take the user data.
4. Finally a Small coding in the login button.
Let us assume that the login page has two textboxes Txtname and txtapssword.
Also import System.Web.Security and put the following code in login button of the page.

If Page.IsValid Then
If FormsAuthentication.Authenticate(txtName.Text, txtPassword.Text) Then
FormsAuthentication.RedirectFromLoginPage(txtName.Text, False)
Else
lblStatus.Text = "Error not proper user"
End If
End If

2007-10-24, 6514👍, 0💬