System.Web.Security Namespace
Manages forms-authentication services for Web applications. This class cannot be inherited.
| Visibility |
Name |
Parameters |
Return Type |
| public static |
Authenticate |
(
String
name
,
String
password
)
|
Boolean
|
| public static |
Decrypt |
(
String
encryptedTicket
)
|
FormsAuthenticationTicket
|
| public static |
EnableFormsAuthentication |
(
NameValueCollection
configurationData
)
|
Void
|
| public static |
Encrypt |
(
FormsAuthenticationTicket
ticket
)
|
String
|
| public static |
GetAuthCookie |
(
String
userName
,
Boolean
createPersistentCookie
,
String
strCookiePath
)
|
HttpCookie
|
| public static |
GetAuthCookie |
(
String
userName
,
Boolean
createPersistentCookie
)
|
HttpCookie
|
| public static |
GetRedirectUrl |
(
String
userName
,
Boolean
createPersistentCookie
)
|
String
|
| public static |
HashPasswordForStoringInConfigFile |
(
String
password
,
String
passwordFormat
)
|
String
|
| public static |
Initialize |
( )
|
Void
|
| public static |
RedirectFromLoginPage |
(
String
userName
,
Boolean
createPersistentCookie
)
|
Void
|
| public static |
RedirectFromLoginPage |
(
String
userName
,
Boolean
createPersistentCookie
,
String
strCookiePath
)
|
Void
|
| public static |
RedirectToLoginPage |
( )
|
Void
|
| public static |
RedirectToLoginPage |
(
String
extraQueryString
)
|
Void
|
| public static |
RenewTicketIfOld |
(
FormsAuthenticationTicket
tOld
)
|
FormsAuthenticationTicket
|
| public static |
SetAuthCookie |
(
String
userName
,
Boolean
createPersistentCookie
)
|
Void
|
| public static |
SetAuthCookie |
(
String
userName
,
Boolean
createPersistentCookie
,
String
strCookiePath
)
|
Void
|
| public static |
SignOut |
( )
|
Void
|
|
Forms authentication enables user and password validation for Web applications that do not require Windows authentication. With forms authentication, user information is stored in an external data source, such as a Membership database, or in the configuration file for an application. Once a user is authenticated, forms authentication maintains an authentication ticket in a cookie or in the URL so that an authenticated user does not need to supply credentials with each request.
Forms authentication is enabled by setting the mode attribute of the authentication configuration element to Forms. You can require that all requests to an application contain a valid user authentication ticket by using the authorization configuration element to deny the request of any unknown user, as shown in the following example.
<system.web>
<authentication mode = "Forms">
<forms loginUrl = "login.aspx" />
</authentication>
<authorization>
<deny user = "?" />
</authorization>
</system.web>
In the previous example, any request for an ASP.NET page that is part of the application requires a valid user name that is supplied by forms authentication. If no user name exists, then the request is redirected to the configured LoginUrl.
The FormsAuthentication class provides access to methods and properties that you can use in an application that authenticates users. The RedirectToLoginPage method redirects a browser to the configured LoginUrl for users to log into an application. The RedirectFromLoginPage method redirects an authenticated user back to the original protected URL that was requested or to the DefaultUrl. There are also methods that enable you to manage forms-authentication tickets, if needed.
The following code example shows the Web.config file for an ASP.NET application that uses the ASP.NET membership provider for forms authentication and requires all users to be authenticated.
<configuration>
<connectionStrings>
<add name = "SqlServices" connectionString =
"Data Source=MySqlServer;Integrated Security=SSPI;Initial Catalog=aspnetdb;" />
</connectionStrings>
<system.web>
<membership defaultProvider = "SqlProvider" userIsOnlineTimeWindow = "20">
<providers>
<add name = "SqlProvider"
type = "System.Web.Security.SqlMembershipProvider"
connectionStringName = "SqlServices"
enablePasswordRetrieval = "false"
enablePasswordReset = "true"
requiresQuestionAndAnswer = "true"
passwordFormat = "Hashed"
applicationName = "/" />
</providers>
</membership>
</system.web>
</configuration>
The following code example shows the login page for an ASP.NET application that uses forms authentication and ASP.NET membership.
<html>
<head>
<title>Login</title>
</head>
<body>
<form runat = "server">
<h3>Login</h3>
<asp:Label id = "Msg" ForeColor = "maroon" runat = "server" /><P>
Username: <asp:Textbox id = "UsernameTextbox" runat = "server" /><br>
Password: <asp:Textbox id = "PasswordTextbox" runat = "server" TextMode = "Password" /><br>
<asp:Button id = "LoginButton" Text = "Login" OnClick = "Login_OnClick" runat = "server" />
<asp:CheckBox id = "NotPublicCheckBox" runat = "server" />
Check here if this is <u>not</u> a public computer.
</form>
</body>
</html>
Below is the code for the page above.
<%@ Page Language = "C#" %>
<%@ Import Namespace = "System.Web.Security" %>
<script runat = "server">
public void Login_OnClick ( object src, EventArgs args ) {
if ( Membership.ValidateUser ( UsernameTextbox.Text, PasswordTextbox.Text ) ) {
FormsAuthentication.RedirectFromLoginPage (
UsernameTextbox.Text, NotPublicCheckBox.Checked );
} else {
Msg.Text = "Login failed. Please check your user name and password and try again.";
}
}
</script>
<%@ Page Language = "VB" %>
<%@ Import Namespace = "System.Web.Security" %>
<script runat = "server">
Public Sub Login_OnClick ( src As Object, args As EventArgs )
If ( Membership.ValidateUser ( UsernameTextbox.Text, PasswordTextbox.Text ) ) Then
FormsAuthentication.RedirectFromLoginPage ( _
UsernameTextbox.Text, NotPublicCheckBox.Checked )
Else
Msg.Text = "Login failed. Please check your user name and password and try again."
End If
End Sub
</script> |
| |
C# |
VB |
FormsAuthenticationModule Class FormsIdentity Class
