asp.net.ph
Home  
Getting Started  
Skip Navigation Links
Web Forms  
Skip Navigation Links
Data Access  
Skip Navigation Links
Web Apps  
Skip Navigation Links
Web Basics  
Skip Navigation Links
Show Me   Search
Friday, January 10, 2025 

Skip Navigation Links

<authentication> Section

ASP.NET Syntax   ASP.NET Configuration Sections

Configures the ASP.NET authentication scheme that is used to identify users who view an ASP.NET application. 

<authentication mode = "Windows | Forms | Passport | None">

   <forms name = "name" loginUrl = "url" 
      protection = "All | None | Encryption | Validation"
      timeout = "30" path = "/">
      <credentials passwordFormat = "Clear | SHA1 | MD5">
         <user name = "username" password = "password" />
      </credentials>
   </forms>

   <passport redirectUrl = "internal" />

</authentication>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes


Attribute Description
mode Required attribute.

Specifies the default authentication mode for an application. This attribute can be one of the following values.

Value Description
Windows Specifies Windows authentication as the default authentication mode. Use it with any form of Microsoft Internet Information Services ( IIS ) authentication: Basic, Digest, Integrated Windows authentication ( NTLM/Kerberos ), or certificates. In this case, your application delegates the authentication responsibility to the underlying IIS.
Forms Specifies ASP.NET forms-based authentication as the default authentication mode.
Passport Specifies Microsoft Passport Network authentication as the default authentication mode.
None Specifies no authentication. Your application expects only anonymous users or the application provides its own authentication.

The default is Windows.


Child Elements


Element Description
forms Configures an ASP.NET application for custom forms-based authentication.
passport Specifies the page to redirect to, if the page requires authentication and the user has not signed on with Microsoft Passport Network authentication.

Parent Elements


Element Description
configuration Specifies the required root element in every configuration file that is used by the common language runtime and the .NET Framework applications.
system.web Specifies the root element for the ASP.NET configuration settings in a configuration file and contains configuration elements that configure ASP.NET Web applications and control how the applications behave.

Remarks

The authentication element configures the ASP.NET authentication scheme for an ASP.NET application. The authentication scheme determines how to identify users who want to view the ASP.NET application. The mode attribute specifies the authentication scheme. For more information about available authentication schemes, see ASP.NET Authentication.

Default Configuration

The following default authentication element is not explicitly configured in the Machine.config or the root Web.config file. However, it is the default configuration that is returned by the application in the .NET Framework version 2.0. 

<authentication mode = "Windows">
   <forms name = ".ASPXAUTH"
      loginUrl = "login.aspx"
      defaultUrl = "default.aspx"
      protection = "All"
      timeout = "30"
      path = "/"
      requireSSL = "false"
      slidingExpiration = "true"
      cookieless = "UseDeviceProfile"
      domain = ""
      enableCrossAppRedirects = "false">
      <credentials passwordFormat = "SHA1" />
   </forms>
   <passport redirectUrl = "internal" />
</authentication>

The following default authentication element is configured in the Machine.config file in the .NET Framework version 1.1. 

<authentication mode = "Windows">
   <forms name = ".ASPXAUTH"
      loginUrl = "login.aspx"
      protection = "All"
      timeout = "30"
      path = "/"
      requireSSL = "false"
      slidingExpiration = "true">
      <credentials passwordFormat = "SHA1"></credentials>
   </forms>
   <passport redirectUrl = "internal" />
</authentication>

The following default authentication element is configured in the Machine.config file in the .NET Framework version 1.0. 

<authentication mode = "Windows">
   <forms name = ".ASPXAUTH"
      loginUrl = "login.aspx"
      protection = "All"
      timeout = "30"
      path = "/" >
      <credentials passwordFormat = "SHA1"></credentials>
   </forms>
   <passport redirectUrl = "internal" />
</authentication>

Example

The following code example demonstrates how to configure a site for forms-based authentication, specify the name of the cookie that transmits logon information from the client, and specify the name of the logon page to use, if initial authentication fails. You need to include an authorization section to require forms authentication by all users and to deny anonymous users access to the site. 

<configuration>
   <system.web>
      <authentication mode = "Forms">
         <forms name = "401kApp" loginUrl = "/login.aspx" />
      </authentication>
      <authorization>
         <deny users = "?" />
      </authorization>
   </system.web>
</configuration>
See Also

AuthenticationSection Class   AuthenticationMode Enumeration   ASP.NET Authentication




Home
Suggested Reading

© 2025 Reynald Nuñez and asp.net.ph. All rights reserved.

If you have any question, comment or suggestion
about this site, please send us a note