ExpertRating - Online Certification and Employment Testing

ASP.NET Tutorial - Forms-Based Authentication

Page 3 of 3

The output is shown below:

In the above example, the important work happens in the Button-Click subroutine, which first checks the IsValid property to test whether both a username and a password were entered into the form. If the page is valid, the values of the username and password form fields are compared against the values expert and Secret.

If the correct username and password are entered, the RedirectFromLoginPage method is called. Two parameters are passed to this method: the username and a Boolean value indicating whether a persistent cookie should be created.

Forms authentication supports both session and persistent cookies. When RedirectFromLoginPage is called, the caller indicates whether a persistent cookie should be created. If RedirectFromLoginPage creates a persistent cookie, the cookie continues to exist even if the user shuts down his or her computer and returns to the Web site many days in the future.

Calling the RedirectFromLoginPage method performs two actions. First, it creates a cookie on the user's browser that contains an Authentication Ticket. After this cookie is set, the user can access pages in directories that require Forms authentication.

Second, the RedirectFromLoginPage method automatically redirects the user back to the page that sent him or her to the Login.aspx page in the first place by using a browser redirect.

Configuring Forms Authentication

The preceding section discussed the modifications to the Web.Config file that enable Forms authentication for an application. This section examines the options for configuring Forms authentication in more detail.

The authentication section in the Web.Config file can contain an optional forms element, which supports the following attributes:


The page where the user is automatically redirected when authentication is required. By default, users are redirected to the Login.aspx page in the application root directory. However, this attribute can be changed to point to any page required.


The name of the browser cookie that contains the Authentication Ticket. By default, the cookie is named .ASPXAUTH. However, if multiple applications are configured on the same server, a unique cookie name should be provided for each application.


The amount of time in minutes before a cookie expires. By default, this attribute has the value of 30 minutes. This attribute does not apply to persistent cookies.


The path used for the cookie. By default, this attribute has the value /.


The way the cookie data is protected. Possible values are All, None, Encryption, and Validation; the default value is All.

The protection attribute requires some explanation. By default, cookies are encrypted using either DES or TripleDES encryption (depending on the capabilities of the server). Furthermore, the contents of the cookie are validated with a Message Authentication Code to protect against tampering.

Encryption, validation, or both can be disabled by changing the value of the protection attribute. For example, setting protection to Encryption causes the cookie to be encrypted but not validated. Disabling encryption and validation can improve the application's performance; however, it also results in a less secure site.

The Web.Config file in Example 65 illustrates how you can set the forms attributes.

Example 65 FormsAttributes\Web.Config


<authentication mode="Forms">
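An added example, not the tutorial's own Example 65 listing: a Web.Config that sets the forms attributes described above, with a weakened variant kept in a comment for comparison. The cookie name, login path and timeout are assumed values; requireSSL is a real attribute (.NET Framework 1.1 and later) that is not among those this page lists.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!--
        Constructed values (assumptions, not from the tutorial):
        name       unique per application, so two sites on one server
                   never share a ticket cookie name
        loginUrl   page that receives unauthenticated requests
        timeout    minutes before a session (non-persistent) cookie expires
        path       cookie path; "/" covers the whole site
        protection All = encrypt the ticket AND validate it with a MAC
        requireSSL send the cookie over HTTPS only (not listed on this page)
      -->
      <forms name=".SHOPAUTH"
             loginUrl="/Account/Login.aspx"
             timeout="20"
             path="/"
             protection="All"
             requireSSL="true" />

      <!--
        Weak variant for comparison (do not deploy):
        <forms name=".ASPXAUTH" protection="None" timeout="30" path="/" />
        protection="None" leaves the ticket unencrypted and without a MAC,
        so tampering with the cookie goes undetected.
        protection="Encryption" hides the contents but still skips the
        tamper check.
      -->
    </authentication>
  </system.web>
</configuration>
```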











Configuring Forms Authorization

The authorization section of the Web.Config file determines which users can access ASP.NET pages within a directory. In the simplest case, the authorization section can be used to deny anonymous users access to the pages in a directory by using a Web.Config like the one in Example 66.


Example 66 Web.Config



<configuration>
  <system.web>
    <authentication mode="Forms" />
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>





The authorization section can contain either <deny> elements, which deny access for particular users, or <allow> elements, which enable access for particular users. The special symbol ? can also be used, which stands for all anonymous users, or the symbol *, which stands for all users (both anonymous and authenticated).
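An added example (not from the tutorial) of <allow> and <deny> used together in the Web.Config of a restricted subdirectory. Rules are evaluated top to bottom and the first match decides, so their order matters; expert is the user name from the login example, while auditor and the /Admin directory are assumed names.

```xml
<?xml version="1.0"?>
<!-- Web.Config placed in a restricted subdirectory, e.g. /Admin (assumed name) -->
<configuration>
  <system.web>
    <authorization>
      <!-- Rules are checked in order; the first one that matches the
           current user wins and the remaining rules are ignored. -->
      <allow users="expert,auditor" />  <!-- named, authenticated users -->
      <deny users="*" />                <!-- everyone else, anonymous included -->

      <!--
        Misordered variant for comparison:
          <deny users="*" />
          <allow users="expert,auditor" />
        Here deny users="*" matches every request first, so expert and
        auditor are locked out as well.

        Too-permissive variant:
          <allow users="expert" />
        With no closing deny rule, evaluation falls through to the
        inherited rules (ultimately allow users="*" in machine.config),
        so the directory is not actually restricted to expert.
      -->
    </authorization>
  </system.web>
</configuration>
```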



© ExpertRating 2015. All Rights Reserved.