Yehuda Shiran October 20, 2002
Forms-based Authentication
Tips: October 2002

Yehuda Shiran, Ph.D.
Doc JavaScript


ASP.NET includes the built-in class FormsAuthentication, which provides static methods to handle authentication. The class belongs to the System.Web.Security namespace and cannot be inherited. It provides forms-based authentication, which is unique to ASP.NET and was not provided by ASP. There are two advantages to forms-based authentication. First, you can customize the login UI. With ASP.NET forms-based authentication you have full flexibility over what the authentication page looks like. You can add the site's look-and-feel, user-oriented Help, or links to registration pages. The second advantage is that you can check the username and password against your Store database, as opposed to requiring an NT account for each user.

In order to use authentication, you first need to define which pages need authentication. You accomplish this with the <authorization> tag in Web.config. In IBuySpy Store, we have three pages that need authorization: OrderList.aspx, OrderDetails.aspx, and CheckOut.aspx. Since a random user might be logged in to a temporary account, we can't let that user check out items and pay, see the history of the orders, or examine the details of the orders. Here are the definitions of these three files in Web.config:

  <location path="Checkout.aspx">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
  <location path="OrderList.aspx">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
  <location path="OrderDetails.aspx">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

You specify the login page in Web.config with the <authentication> tag:

  <system.web>
    <authentication mode="Forms">
      <forms name="IBuySpyStoreAuth" loginUrl="login.aspx" protection="All" path="/" />
    </authentication>
  </system.web>

One of the methods of FormsAuthentication is RedirectFromLoginPage(). It redirects an authenticated user back to the originally requested URL. Here is how we use this in IBuySpy's Login.aspx:

  FormsAuthentication.RedirectFromLoginPage(customerId, RememberLogin.Checked);

Another method is SetAuthCookie(), which creates an authentication cookie with the user ID in it. We use it in IBuySpy's Register.aspx:

  FormsAuthentication.SetAuthCookie(customerId, false);
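
An added example (not IBuySpy's own code) of a Login.aspx code-behind handler that checks the password against a stored record before calling RedirectFromLoginPage(). The CustomerRecord type, the control names other than RememberLogin, the in-memory sample record and the PBKDF2 parameters are assumptions; it targets .NET Framework 4.7.2 or later.

```csharp
// Added example, not IBuySpy's code. CustomerRecord, FindCustomer, the control
// names other than RememberLogin and the sample record are assumptions.
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

public class CustomerRecord { public string CustomerId; public byte[] Salt, PasswordHash; }

public class LoginPage : Page
{
    protected TextBox Email, Password;   // hypothetical control names
    protected CheckBox RememberLogin;    // control name used in the tip
    protected Label Message;             // hypothetical control name

    // The store keeps a salted PBKDF2 hash per customer, never the password.
    static byte[] Hash(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }

    // Constructed sample row standing in for a query against the Store database.
    static CustomerRecord FindCustomer(string email)
    {
        if (!string.Equals(email, "alice@example.com", StringComparison.OrdinalIgnoreCase)) return null;
        byte[] salt = Encoding.ASCII.GetBytes("sample-salt-1234");
        return new CustomerRecord { CustomerId = "1001", Salt = salt,
                                    PasswordHash = Hash("constructed-sample-password", salt) };
    }

    // Compare every byte so response time does not reveal where the hashes differ.
    static bool SameBytes(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    protected void LoginBtn_Click(object sender, EventArgs e)
    {
        CustomerRecord c = FindCustomer(Email.Text);
        if (c != null && SameBytes(Hash(Password.Text, c.Salt), c.PasswordHash))
        {
            // Issues the forms cookie and returns to the page that <deny users="?"> had blocked.
            FormsAuthentication.RedirectFromLoginPage(c.CustomerId, RememberLogin.Checked);
            return;
        }
        // No cookie is issued, so the request stays anonymous and the deny rules still apply.
        Message.Text = "Login failed.";
    }
}
```

The same message is shown for an unknown e-mail address and for a wrong password, so the login form does not confirm which accounts exist.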
