Powered by Blogger.

Saturday, March 15, 2014

Forms Authentication in Asp.Net

In this post we will discuss about Forms Authentication in Asp.Net.

Also you can check out:

- Working with enterprise library for data access in asp.net Part-3

- Convert ArrayList to String using C#.Net

- asp.net mvc 4 tutorial

The below configuration elements show how you enable Forms authentication in Web.config.

<authentication mode="Forms">
<forms loginUrl="login.aspx" name="MyCookie" timeout="60" path="/">

When you use Forms authentication, the following authorization options are avail- able to you:

Client Requested Resources
Requested resources require ACLs that allow read access to the anonymous Internet user account. (IIS should be configured to allow anonymous access when you use Forms authentication).

URL Authorization
Configure URL Authorization in Web.config. With Forms authentication, the format of user names is determined by your custom data store; a SQL Server database, or Active Directory.

If you are using a SQL Server data store:

<deny users="?" />
<allow users="Raju,Biju,Tamanna" roles="Manager,Sales" />

Explicit Role Checks
You can perform role checking using the IPrincipal interface.


When to Use
Forms authentication is most ideally suited to Internet applications. Use Forms authentication when: Your application’s users do not have Windows accounts.

You want users to log on to your application by entering credentials using an HTML form.