FORMS AUTHENTICATION OVERVIEW:
From time to time, people have stopped in to the
#asp.net channel on DALnet and asked about Forms Authentication.
This article briefly describes Forms Authentication and how
you may use it to password protect pages in your web application.
LAST TECHNICAL REVIEW: 24-JUN-2004
ARTICLE:
Forms authentication in ASP.NET is a way
to password protect pages within your web application.
The pages that you want to protect are placed
within a subdirectory of the web site. You then add and
configure a special file called Web.Config within the same
subdirectory. Note that you may also use this Web.Config
at the top level web site directory to protect an entire
site. However, doing so will require your users to already
have a username and password to access the web site.
After you enable and configure Forms Authentication
for a directory, the pages within that directory cannot
be accessed unless the user has an Authentication Ticket.
The Authentication Ticket is stored in a cookie. For this
reason, the user must have cookies enabled to log in to
a web site that uses Forms Authentication.
Using Forms Authentication, you can set up
a system by which the user is redirected to a login page
when they do not possess the proper Authentication Ticket.
This allows the user the opportunity to log in if they are
already registered, or to register if they are not yet
registered. The user may then be redirected back to the
page that they originally requested.
To enable basic forms authentication for
an application, you must complete the following steps:
1. Set the authentication mode for the application
by modifying the authentication section in the application's
Web.Config file. If a Web.Config file does not exist, you
will need to create one.
2. Deny access to anonymous users in one
or more directories in the application by modifying the
authorization section in the Web.Config files of the appropriate
directories.
3. Create a login page containing a form
that enables users to enter their username and password.
Note that you must also enable Forms Authentication
for an ASP.NET application at the root level of the web
site. To do this, you must set the authentication mode
only in the Web.Config file located in the web site's root
directory. If there is not a Web.Config file in the root
directory, you must create one. Enabling Forms Authentication
for the site does not force you to password protect every
page. You may allow anonymous access to certain areas of
the site, while password protecting other areas.
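The two Web.Config files that steps 1 and 2 and the note above describe, as an added example that is not part of the original article. The directory name "members", the page name "login.aspx" and the cookie name are assumptions, and requireSSL assumes .NET Framework 1.1 or later on a site served over HTTPS.

```xml
<!-- Added example, not from the original article. The directory name
     "members", the page "login.aspx" and the cookie name are assumed. -->

<!-- File: /Web.config (site root). Step 1: set the authentication mode. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- loginUrl:   page that anonymous users are redirected to (step 3)
           protection: "All" both encrypts and validates the ticket cookie
           timeout:    ticket lifetime in minutes
           requireSSL: send the ticket cookie over HTTPS only -->
      <forms name=".EXAMPLEAUTH"
             loginUrl="login.aspx"
             protection="All"
             timeout="30"
             path="/"
             requireSSL="true" />
    </authentication>
    <!-- No deny rule at this level, so the root directory
         (including login.aspx) stays open to anonymous users. -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</configuration>

<!-- File: /members/Web.config. Step 2: deny anonymous users.
     There is no <authentication> element here; the mode is set
     only in the root file. -->
<configuration>
  <system.web>
    <authorization>
      <!-- "?" stands for anonymous (unauthenticated) users -->
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
```

After the login page has validated the username and password, it issues the ticket and returns the user to the originally requested page by calling FormsAuthentication.RedirectFromLoginPage.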
STILL NEED HELP?
If you are
still having problems, come to the #asp.net channel on DALnet.