Friday 22 July 2011

Web.config And Forms Authentication


Authentication is necessary in almost every application. ASP.NET provides several authentication providers to make the process easier; among them, Forms-based authentication is the most commonly used. With Forms Authentication, we create a login form with the logic to validate a user, and on successful validation .NET creates a cookie that the application checks for on each client request.

Forms Authentication is configured in web.config:

<!-- web.config file -->
<configuration>
    <system.web>    
        <authentication mode="Forms"/>
    </system.web>
</configuration>

If we want to deny access to anonymous users, configure the authorization section as follows:

<!-- web.config file -->
<configuration>
    <system.web>
        <authentication mode="Forms"/>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
</configuration>

With Forms Authentication, we can configure the name of the cookie, the protection type, the login URL (loginUrl), the length of time (in minutes) the cookie is in effect, and the path to use for the issued cookie. If no cookie name is specified, the default is .ASPXAUTH. The loginUrl is the location of the login form, to which any unauthenticated request for a protected resource is automatically redirected.

<!-- web.config file -->
<configuration>
    <system.web>
        <authentication mode="Forms">
            <!-- protection accepts All, None, Encryption or Validation; All is the default -->
            <forms name="MyLoginCookie" loginUrl="MyLoginForm.aspx" protection="All" timeout="30" path="/" />
        </authentication>
    </system.web>
</configuration>

ASP.NET also allows us to define login credentials in the Web.config file and authenticate against them using the Authenticate() method of the FormsAuthentication class. Of course, this approach is only worth considering when there is a relatively small number of users; otherwise it is better to authenticate users against a database of user credentials.

<!-- web.config file -->
<configuration>
    <system.web>
        <authentication mode="Forms">
            <forms loginUrl="MyLoginPage.aspx">
                <!-- passwordFormat accepts Clear, SHA1 or MD5; with SHA1 or MD5 the password attribute holds the hash -->
                <credentials passwordFormat="Clear">
                    <user name="mary" password="msdyaredd" />
                </credentials>
            </forms>
        </authentication>
    </system.web>
</configuration>
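
The login logic for MyLoginPage.aspx, checking the submitted values against the credentials section above and issuing the forms cookie on success. This is an added example, not code from the original post; the class name, the control names UserName, Password and ErrorLabel, and the handler name LoginButton_Click are assumptions.

```csharp
// Base class for MyLoginPage.aspx (hypothetical). The .aspx page is assumed to
// use Inherits="MyLoginPage" and to declare two TextBox controls (UserName,
// Password), a Label (ErrorLabel) and a Button wired to LoginButton_Click.
using System;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

public class MyLoginPage : Page
{
    // Assumed controls; ASP.NET binds the markup controls to these fields by ID.
    protected TextBox UserName;
    protected TextBox Password;
    protected Label ErrorLabel;

    protected void LoginButton_Click(object sender, EventArgs e)
    {
        string user = UserName.Text.Trim();
        string pass = Password.Text;

        if (user.Length == 0 || pass.Length == 0)
        {
            ErrorLabel.Text = "Enter a user name and password.";
            return;
        }

        // Compares against the <user> entries under <credentials> in web.config,
        // hashing the supplied password first when passwordFormat is SHA1 or MD5.
        if (FormsAuthentication.Authenticate(user, pass))
        {
            // Issues the forms cookie (session-only: createPersistentCookie = false)
            // and redirects to the originally requested URL or the default URL.
            FormsAuthentication.RedirectFromLoginPage(user, false);
        }
        else
        {
            // One message for both unknown user and wrong password, so the
            // form does not reveal which user names exist.
            ErrorLabel.Text = "Invalid user name or password.";
        }
    }
}
```

FormsAuthentication.Authenticate() is marked obsolete from .NET Framework 4.5 onward in favor of the Membership APIs.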
