October 20, 2002 - Forms-based Authentication

October 20, 2002
Forms-based Authentication

Tips: October 2002

Yehuda Shiran, Ph.D.
Doc JavaScript

Developer News

OpenOffice 3.2 Lands Amid Critical Changes

Red Hat, IBM Firmly in KVM Virtualization Camp

Red Hat Talks Up Open Source Cloud Plans

ASP.NET includes the built-in class FormsAuthentication that provides static methods to handle authentication. The class belongs to the System.Web.Security namespace and cannot be inherited. This class provides the capability of forms-based authentication, which is unique to ASP.NET and was not provided by ASP. There are two advantages to forms-based authentication. First, you can customize the login UI. Using the ASP.NET forms-based authentication you have full flexibility over what the authentication page looks like. You can add the site's look-and-feel, user-oriented Help, or links to registration pages. The second advantage is that you can check the username and password using your Store database, as opposed to requiring an NT account for each user.

In order to use authentication, you first need to define which pages need authentication. You accomplish this with the <authorization> tag in Web.config. In IBuySpy Store, we have three pages that need authorization: OrderList.aspx, OrderDetails.aspx, and CheckOut.aspx. Since a random user might be logged in to a temporary account, we can't let that user checkout items and pay, see the history of the orders, or examine the details of the orders. Here are the definitions of these three files in Web.config:

  <location path="Checkout.aspx">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
  <location path="OrderList.aspx">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
  <location path="OrderDetails.aspx">
    <system.web>
      <authorization>
        <deny users="?" />
	      </authorization>
    </system.web>
  </location>

You specify the login page in Web.config with the <authentication> tag:

  <system.web>
    <authentication mode="Forms">
      <forms name="IBuySpyStoreAuth" loginUrl="login.aspx" protection="All" path="/" />
    </authentication>
  </system.web>

One of the methods of FormsAuthentication is RedirectFromLoginPage(). It redirects an authenticated user back to the originally requested URL. Here is how we use this in IBuySpy's Login.aspx:

  FormsAuthentication.RedirectFromLoginPage(customerId, RememberLogin.Checked);

Another method is SetAuthCookie() which creates an authentication cookie with the user ID in it. We use in IBuySpy's Register.aspx:

  FormsAuthentication.SetAuthCookie(customerId, false);

People who read this tip also read these tips:

Handling the result Object

Using final

The Object Class

Polymorphic ToString()

Reading Entity Declarations with the Browser

Look for similar tips by subject:

The Network for Technology Professionals

About Internet.com

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers

Solutions

Whitepapers and eBooks

Intel Whitepaper: 2010 Intel Core vPro Processors Overview
Article: Adobe Helps PHP Developers Create Rich Internet Applications
Article: Reduce Your Infrastructure Costs with Microsoft System Center
Intel Brief: Five-Star IT Support--Intel Core 2 processor with vPro Delivers ROI of 524 Percent
Article: Security Enhancements Abound in Windows Server 2008
Intel Whitepaper: Implementing Intel vPro Technology to Drive Down Client Management Costs
Microsoft Whitepaper: Improve Communications and Collaboration

Intel Article: Intel Core i5 vPro Brings Intelligence to the Processor
Microsoft Personalized Whitepapers and Resources for You
Microsoft Articles: Visual Studio 2010
Adobe Article: Java Developers Finding a Home at Adobe Flex
Microsoft Whitepaper: Make Better Decisions - SQL Server 2008 Business Intelligence.
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

IBM Cloud Computing for Developers Virtual Event, April 6-8
Micro Focus Webcast: Boosting the Impact and Effectiveness of Software Development QA and Testing
Microsoft Webcast: Simplified Access and Single Sign-On

Intel Video: 2010 Intel Core Processor Technologies
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

Adobe Download: Tour de Flex Application and Explore Flex
HP PartnerONE | SolutionsINFINITE Visit us at hp.com/partners/us

Iron Speed Designer Application Generator
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Free Adobe Online Flex Training: Check Out this Video Training Course Here
Learn Unified Communications
Learn SQL Server 2008
Learn Windows Server 2008 R2
Internet.com Hot List: Get the Inside Scoop on IT and Developer Products

Learn Forefront
Learn System Center
All About Botnets
Learn SharePoint
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES

The latest from WebReference.com

Browse >

Search Engine Optimization: Selecting and Embedding Keywords · Are Google's Language Translation Web Services Ready for Prime Time? · Installing and Using Meeplace, the Business Review CMS

Sitemap · Experts · Tools · Services · Email a Colleague · Contact

FREE Newsletters >

The latest from internet.com

Workers Say Telework Is More Productive, Bosses Not So Sure · Kingston Debuts Power-Saving Memory Upgrades · Social Networking is King: Facebook Edges Google