Plunging into .NET Development

Weblog Pieter Gheysens
Microsoft .NET Development - C# - Enterprise Library - Visual Studio 2005 Team System - Compuware DevPartner - ...

Sunday, September 25

Forms Authentication in ASP.NET 2.0

An easy way to work with forms authentication in ASP.NET 2.0 is to use ASP.NET Membership and ASP.NET Login controls. ASP.NET Membership provides a way to store and manage user information and includes methods to authenticate users. ASP.NET Login Controls work with ASP.NET Membership and encapsulate the logic required to prompt users for credentials, validate users, recover or replace passwords, ...

How to ...
  • Set Authentication in web.config
    Create an authentication element under System.Web and set its mode attribute to Forms.

    The default- and login-page will be created later on. DefaultUrl returns the configured or default URL for the page to return after the request has been successfully authenticated. LoginUrl returns the configured or default URL for the Login page. This matches the loginUrl configuration attribute.
  • Set Authorization in web.config
    Create an authorization element under System.Web and set its attributes.

    Only users that belong to the Administrator-role are allowed. All other users will not have access. You can also set this info (authentication and authorization) in the ASP.NET Web Site Administration Tool.
  • Create Login.aspx
    When users request any page from the Web site and if they have not previously been authenticated, they are redirected to a page named Login.aspx. This file name has already been specified earlier in the Web.config file (loginUrl).

    To create this page, I've used the Login Control (ASP.NET 2.0). It takes input from the user and validates the username and password entered, confirms authentication or denies it. If authentication was successful, the user will be redirected to the default URL (default.aspx).
  • Create Default.aspx
    Create a webpage with info that can only be accessed after authentication of the user.
  • Configure database to store information for ASP.NET application services [Membership]
    I won't explain this into detail. More info about this in a previous post and at
  • Create new user and assign Aministrator-role to user
    The Web Site Administration Tool will help you to do this ...

After these steps, you can launch your web-application and you will be redirected to the login.aspx-page where the user-information has to be entered. After authentication you will be taken to the default.aspx-page.

If you wanted this functionality in ASP.NET 1.x you had to write a lot of code. All this functionality is now available with the new ASP.NET 2.0 Login Controls.


Post a Comment

Links to this post:

Create a Link

<< Home