<%@ Page %>

Forms authentication in ASP.NET


Many times we use some kind of custom authentication mechanism for our web sites. The most common way to authenticate visitors of your site is by accepting user id and password from then which are then validated against a database table. ASP.NET provides a very easy way to implement such mechanism via forms authentication. Forms based authentication is also referred to as cookie authentication because a cookie is used with each request that tells whether a user is authenticated or not. In case of windows authentication we automatically get windows role of the logged in user. You can also implement custom role based security in the Form based authentication. 

Steps involved in implementing forms authentication

  • Configure your web application to deny anonymous access
  • Modify web.config file to specify authentication mode as Forms
  • Create a aspx page that accepts user id and password and sets authentication cookie
  • Modify web.config to specify a page that will be acting as login page
  • Implement role based security (optional)

Sample application

The sample application provided for download shows you how to implement forms authentication. It also shows you how to implement role based security for forms authentication.

Bipin Joshi is an independent software consultant, trainer, author, and meditation teacher. He has been programming, meditating, and teaching for 25+ years. He conducts instructor-led online training courses in ASP.NET family of technologies for individuals and small groups. He is a published author and has authored or co-authored books for Apress and Wrox press. Having embraced the Yoga way of life he also teaches Ajapa Yoga to interested individuals. To know more about him click here.

Get connected : Facebook  Twitter  LinkedIn  YouTube

Posted On : 06 October 2001

Tags : ASP.NET Web Forms Security Configuration