Forms authentication can be used to set up a custom user registration system for a website. The advantage of this type of authentication is that it lets you store usernames and passwords in whatever storage mechanism you want: for example, the Web.Config file, an XML file, or a database table.
If a user requests a page without the proper Authentication Ticket, he or she can be automatically redirected to the login page. If the user enters a valid username and password combination, you can automatically redirect him or her back to the original page.
When using Forms authentication, an automatic user registration system can be easily set up. For example, a database table can be created that contains usernames and passwords. In that case, adding a new registered user is as simple as adding a new username and password to the database table.
The .NET classes for Forms authentication are located in the System.Web.Security namespace. The following list contains the most important of these classes:
FormsAuthentication
This class contains several shared methods for working with Forms authentication.
FormsAuthenticationTicket
This class represents the authentication Ticket used in the cookie for Forms authentication.
FormsIdentity
This class represents the identity of the user authenticated with Forms authentication.
FormsAuthenticationModule
This class is the actual module used for forms authentication.
Enabling Forms Authentication
To enable basic Forms authentication for an application, follow these three steps:
- Set the authentication mode for the application by modifying the authentication section in the application root Web.Config file.
- Deny access to anonymous users in one or more directories in the application by modifying the authorization section in the Web.Config files in the appropriate directories.
- Create a login page containing a form that enables users to enter their usernames and passwords.
The first step is to enable Forms authentication for an application. To do so, you must modify an application's root directory Web.Config file. If the Web.Config file doesn't exist, it can be created.
The Web.Config file in Example 61 contains the minimal amount of information necessary to enable Forms authentication for an application.
Caution: To run these examples, put all the files in the SimpleForm directory and its subdirectories, as indicated in the names of the examples. Next, create a new virtual directory that points to the SimpleForm directory.
Example 61 SimpleForm/Web.Config
<configuration>
  <system.web>
    <authentication mode="Forms" />
  </system.web>
</configuration>
In the example above, the authentication mode is set to Forms. Creating this file enables Forms authentication for the entire application.
The next step is to password-protect individual directories. To require users to log in before accessing any ASP.NET page at the Web site, modify the root directory Web.Config file. Alternatively, Web.Config files can be added to particular directories to password-protect certain pages.
To password-protect a particular directory and its subdirectories, add the Web.Config file in Example 62 to the directory. (Place this file in the SimpleForm\Secret subdirectory.)
Example 62 SimpleForm/secret/Web.config
<configuration>
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
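The first two steps can also be written as a single root Web.Config, with the ticket cookie settings spelled out instead of left implicit. This is an added example, not one of the original numbered examples; the login page name Login.aspx and the 20-minute timeout are assumptions, and requireSSL and slidingExpiration need .NET Framework 1.1 or later.

```xml
<configuration>
  <system.web>
    <!-- Step 1: enable Forms authentication and state the cookie settings explicitly.
         loginUrl          page that unauthenticated users are redirected to (assumed name)
         protection="All"  the ticket is both encrypted and validated against tampering
         timeout           ticket lifetime in minutes (assumed value)
         slidingExpiration="false"  the ticket expires a fixed time after login
         requireSSL="true" the cookie is marked Secure, so the site must be served over HTTPS
                           or the browser will never send the ticket back -->
    <authentication mode="Forms">
      <forms name=".ASPXAUTH"
             loginUrl="Login.aspx"
             protection="All"
             timeout="20"
             slidingExpiration="false"
             requireSSL="true"
             path="/" />
    </authentication>
    <!-- No authorization section at this level: pages outside the Secret
         directory remain available to anonymous users. -->
  </system.web>

  <!-- Step 2: same rule as Example 62, declared from the root file instead of
       a separate Web.Config inside the Secret directory. The path is relative
       to the directory that holds this file. -->
  <location path="Secret">
    <system.web>
      <authorization>
        <!-- "?" matches anonymous (unauthenticated) users. -->
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Keeping the rule in the root file puts every protected path in one place for review, while a per-directory Web.Config as in Example 62 keeps the rule next to the pages it protects; use one approach per directory so the two do not drift apart.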