How To Implement Forms-Based Authentication in Your ASP.NET Application by Using C#.NET
This article refers to the following Microsoft .NET Framework Class Library namespaces:
- System.Data.SqlClient
- System.Web.Security
IN THIS TASK
- SUMMARY
-
- Requirements
- Create an ASP.NET Application Using Visual C# .NET
- Configure the Security Settings in the Web.config File
- Create a Sample Database Table to Store Users Details
- Create a Logon.aspx Page
- Code the Event Handler So That It Validates the User Credentials
- Create a Default.aspx Page
- Additional Notes
- REFERENCES
ummary
This article demonstrates how to implement forms-based authentication by using a database to store the users.
Requirements
The following list outlines the recommended hardware, software, network infrastructure, and service packs that you need:- Microsoft Visual Studio .NET
- Microsoft Internet Information Services (IIS) version 5.0 or later
- Microsoft SQL Server
Create an ASP.NET Application Using C# .NET
- Open Visual Studio .NET.
- Create a new ASP.NET Web application, and specify the name and location.
Configure the Security Settings in the Web.config File
This section demonstrates how to add and modify the <authentication> and <authorization> configuration sections to configure the ASP.NET application to use forms-based authentication.
- In Solution Explorer, open the Web.config file.
- Change the authentication mode to Forms.
- Insert
the <Forms> tag, and fill the appropriate attributes. (For more
information about these attributes, refer to the MSDN documentation or
the QuickStart documentation that is listed in the
REFERENCES section.) Copy the following code, and then click Paste as HTML on the
Edit menu to paste the code in the <authentication> section of the file:<authentication mode="Forms">
<forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx"
protection="All" path="/" timeout="30" />
</authentication> - Deny access to the anonymous user in the <authorization> section as follows:
<authorization>
<deny users ="?" />
<allow users = "*" />
</authorization>