
Authentication

Authentication is the process of obtaining identification credentials such as name and password from a user and validating those credentials against some authority. If the credentials are valid, the entity that submitted the credentials is considered an authenticated identity. Once an identity has been authenticated, the authorization process determines whether that identity has access to a given resource.

Forms Authentication

Forms authentication is a ticket-based system. When users log in, they receive a ticket with basic user information. This information is stored in an encrypted cookie that's attached to the response so it's automatically submitted on each subsequent request.
When a user requests an ASP.NET page that is not available for anonymous users, the ASP.NET runtime verifies whether the forms authentication ticket is available.
If it's not available, ASP.NET automatically redirects the user to a login page.

Forms authentication is an attractive option for developers for a number of reasons:
You have full control over the authentication code.
You have full control over the appearance of the login form.
It works with any browser.
It allows you to decide how to store user information.

<authentication mode="Forms">
  <!-- Detailed configuration options -->
  <forms name="MyCookieName"
         loginUrl="DbLogin.aspx"
         timeout="20"
         slidingExpiration="true"
         cookieless="AutoDetect"
         protection="All"
         requireSSL="false"
         enableCrossAppRedirects="false"
         defaultUrl="MyDefault.aspx"
         domain="www.mydomain.com"
         path="/" />
</authentication>

Credentials Store in web.config


Denying Access to Anonymous Users
Furthermore, it's important to include the Page.IsValid condition at the beginning of this procedure.
The reason for this is that validation controls by default use JavaScript for client-side validation. When calling Page.Validate(), the validation takes place on the server.
FormsAuthentication.Authenticate: Checks the specified user name and password against those stored in the web.config file and returns a Boolean value indicating whether a match was found.

FormsAuthentication.RedirectFromLoginPage(UsernameText.Text, false);
This method performs several tasks at once:
1. It creates an authentication ticket for the user.
2. It encrypts the information from the authentication ticket.
3. It creates a cookie to persist the encrypted ticket information.
4. It adds the cookie to the HTTP response, sending it to the client.
5. It redirects the user to the originally requested page.

The second parameter of RedirectFromLoginPage() indicates whether a persistent cookie should be created.
Persistent cookies are stored on the user's hard drive and can be reused for later visits.
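The login procedure described above, written out with the five tasks of RedirectFromLoginPage() done by hand so that each step and the cookie flags are visible. This is an added example, not code from the original slides; the handler name LoginAction_Click and the controls PasswordText and StatusLabel are assumed names declared in the page markup. It also assumes .NET Framework 4.0 or later and that the ticket travels in a cookie (in cookieless mode ASP.NET carries it in the URL instead).

```csharp
// Added example: code-behind for the login page (DbLogin.aspx in the config above).
// Assumed names, not from the original page: LoginAction_Click, PasswordText, StatusLabel.
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

public partial class DbLogin : Page
{
    protected void LoginAction_Click(object sender, EventArgs e)
    {
        // Re-run the validators on the server; the client-side JavaScript checks can be skipped.
        Page.Validate();
        if (!Page.IsValid) return;

        // Compare against the credentials stored in web.config.
        if (!FormsAuthentication.Authenticate(UsernameText.Text, PasswordText.Text))
        {
            StatusLabel.Text = "Invalid user name or password.";
            return;
        }

        // 1. Create the ticket (non-persistent, like passing false as the second parameter).
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1, UsernameText.Text, now, now.Add(FormsAuthentication.Timeout),
            false, string.Empty, FormsAuthentication.FormsCookiePath);

        // 2. Encrypt and sign it according to the protection setting.
        string encrypted = FormsAuthentication.Encrypt(ticket);

        // 3. Put the encrypted ticket in the forms authentication cookie.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted)
        {
            HttpOnly = true,                          // not readable from script
            Secure = FormsAuthentication.RequireSSL,  // follows requireSSL in web.config
            Path = FormsAuthentication.FormsCookiePath
        };
        if (FormsAuthentication.CookieDomain != null)
            cookie.Domain = FormsAuthentication.CookieDomain;

        // 4. Attach the cookie to the response.
        Response.Cookies.Add(cookie);

        // 5. Return to the originally requested page (or defaultUrl if there was none).
        Response.Redirect(FormsAuthentication.GetRedirectUrl(UsernameText.Text, false));
    }
}
```

With requireSSL="false" as in the configuration shown earlier, the cookie is issued without the Secure flag and is also sent over plain HTTP.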

PassportAuthenticationModule
The PassportAuthenticationModule provides a wrapper for Microsoft's Passport authentication service. When using Passport, users are authenticated using the information in Microsoft's Passport database (the same technology that powers the free Hotmail e-mail system).
The advantage of Passport is that you can use existing user credentials (such as an e-mail address and password), without forcing users to go through a separate registration process.
We recommend not even thinking about using .NET Passport authentication anymore, as it has been replaced by a new concept called Live ID.

Forms authentication is a great approach if you want to roll your own authentication system using a backend database and a custom login page.
But what if you are creating a web application for a smaller set of known users who already have Windows user accounts? In these situations, it makes sense to use an authentication system that can leverage the existing user and group membership information.
The solution is Windows authentication, which matches web users to Windows user accounts that are defined on the local computer or another domain on the network.
IIS asks the browser to authenticate itself by providing credentials that map to a Windows user account.
If the user is successfully authenticated, IIS allows the web-page request and passes the user and role information on to ASP.NET so that your code can act on it in much the same way that it works with identity information in a forms authentication scenario.
