Google
AspAlliance.com Web
AspAlliance
Register
Edit My Profile
Author List
Write for Us
About AspAlliance
Contact Us
Privacy Policy
Link To Us
Advertise

Subscribe
Free Newsletter
Newsletter Archive
RSS Syndication

.NET Tutorials
Learn .NET
Learn WCF
Learn WPF
Learn ASP.NET
Learn AJAX
Learn Silverlight
Learn Visual Studio
Learn ADO.NET
Learn LINQ
Learn C# (CSharp)
Learn VB.NET
Learn Web Services
Learn Controls
Learn BizTalk
Learn SharePoint
Learn Mobile
Learn SQL
Learn SQL Reporting
Learn Windows Forms
Learn XML
Learn Crystal Reports
Learn FarPoint
Learn DevExpress
Examples
ASP.NET 2.0 Examples

ASP Tutorials
Learn ASP
Learn VBScript
Learn JScript
Learn SQL
Learn XML

Software Resources
Shopping Cart Ecommerce
Charts and Dashboards

Other Resources
Learn Java
Learn Oracle
Opinion / Editorial
Crystal Reports Alliance
WPF Resources
AJAX Resources
Silverlight Resources

Free Tools
Cache Manager
SimpleCMS

Reviews
Book Reviews
Product Reviews
Expert Advice

Books
ASP.NET Developer's Cookbook
Sample Chapters
Book Reviews

Community
Regular Expressions

Print This Article Print  Add To Favorites Add To Favorites    Email This Article To A Friend Email To Friend  Rate This Article Rate This Article   
Securing your site with web.config
page 3 of 5
by . .
Feedback
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 22184/ 42
Forms Authentication

Forms

Forms security works so that you don't have to create new Windows accounts to let people in. I won't go over how it works (see Security in ASP.NET). Here is the configuration -

<configuration>
<system.web>

<authentication mode="Forms">
<forms name="Auth" loginURL="login.aspx" protection="All" timeout="10" />
</authentication>

</system.web>
</configuration>

When you are authenticated you are given a cookie called 'Auth'. The place where you login is called login.aspx. The protection is by default - All, this gives the cookie validation (to make sure it hasn't been tampered) and encryption (using Triple-DES or DES), you can modify this with different properties (All, None, Encryption, Validation). Next the timeout sets when the user's login will time-out (the default in 30) in minutes.

Before we continue lets set up our login.aspx file -

<script language="VB" runat="server" />
Sub btn_click(sender as object, e as eventargs)
'You may want a database connection or something here
'To provide authentication from a database
If uname.Text = "philipq" And pword.text = "password" Then
FormsAuthentication.SetAuthCookie(uname.text, true)
Response.Redirect("seethis.aspx")
Else
lblmsg.Text = "Invalid username or password"
End If
End Sub
</script>

I'll leave you to put the server controls in.

All this does is check the values of the two textboxes (uname and pword) and if they're fine it sets Formsauthentication.SetAuthCookie() to validate the user. the SetAuthCookie method takes two parameters - the username of the authorized user and weather or not to keep the cookie after the user closes the browser. The FormsAuthentication provides many other useful methods.

So far we have given simple authentication for users and the data is automatically encrypted. The cookie is also encrypted like this -

aucookie
E605AB187FED02216B161C9EDC5F64B4F51ECA418DE3E1FE11EAFFD108D4B05F9949B4490C692615443A01F8ABA0E7E1CEA2F1C9B9D8EB067198C954A3EE85E6
localhost/
1024
3450704256
33137864
3627820272
29464168
*

You can clearly see the name of the cookie and the server it got it from.
View Entire Article

User Comments

Title: great   
Name: jhon
Date: 2004-09-09 3:51:04 AM
Comment:
this is great!!!!!
Title: great   
Name: great
Date: 2004-09-09 3:50:17 AM
Comment:
this is great!!!!!!11

Product Spotlight
Product Spotlight 





Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2024 ASPAlliance.com  |  Page Processed at 2024-04-25 1:20:40 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search