<%@ Page %>

Forms authentication in ASP.NET

Introduction

Many times we use some kind of custom authentication mechanism for our web sites. The most common way to authenticate visitors of your site is by accepting user id and password from then which are then validated against a database table. ASP.NET provides a very easy way to implement such mechanism via forms authentication. Forms based authentication is also referred to as cookie authentication because a cookie is used with each request that tells whether a user is authenticated or not. In case of windows authentication we automatically get windows role of the logged in user. You can also implement custom role based security in the Form based authentication. 

Steps involved in implementing forms authentication

  • Configure your web application to deny anonymous access
  • Modify web.config file to specify authentication mode as Forms
  • Create a aspx page that accepts user id and password and sets authentication cookie
  • Modify web.config to specify a page that will be acting as login page
  • Implement role based security (optional)

Sample application

The sample application provided for download shows you how to implement forms authentication. It also shows you how to implement role based security for forms authentication.


Bipin Joshi is an independent software consultant and trainer by profession specializing in Microsoft web development technologies. Having embraced the Yoga way of life he is also a yoga mentor, meditation teacher, and spiritual guide to his students. He is a prolific author and writes regularly about software development and yoga on his websites. He is programming, meditating, writing, and teaching for over 27 years. To know more about his private online courses on ASP.NET and meditation go here and here.

Posted On : 06 October 2001


Tags : ASP.NET Web Forms Security Configuration