System.Web.Security Namespace

Provides access to properties and values of the ticket used with forms authentication to identify users. This class cannot be inherited.

The FormsAuthenticationTicket class is used to create an object that represents the authentication ticket that is used by forms authentication to identify an authenticated user. The properties and values of a forms-authentication ticket are converted to and from an encrypted string that is stored in a cookie or in the URL.

The FormsAuthentication class provides an Encrypt method to create a string value that can be stored in a cookie or in the URL from a FormsAuthenticationTicket. The FormsAuthentication class also provides a Decrypt method to create a FormsAuthenticationTicket object from the encrypted authentication ticket retrieved from the forms-authentication cookie or the URL.

The FormsAuthenticationTicket for the current authenticated user can be accessed using the Ticket property of the FormsIdentity class. You can access the current FormsIdentity object by casting the Identity property of the current User as type FormsIdentity.

The following code example stores the result of the Encrypt method in a cookie using the FormsCookieName and redirects the user to the URL returned from the GetRedirectUrl method.

Below is the HTML for the page.

<html>
<head>
   <title>Forms Authentication Login</title>
</head>
<body>
   <form runat = "server">
      <span style = "BACKGROUND: #80ff80">
         <h3>Login Page</h3>
      </span>
      <asp:Label id = "Msg" 
         ForeColor = "maroon" 
         runat = "server" /><P>
      <table border=0>
         <tr>
            <td>Username:</td>
            <td><asp:TextBox id = "UserNameTextBox" type = "text" runat = "server" /></td>
            <td>
               <asp:RequiredFieldValidator id = "RequiredFieldValidator1" runat = "server"
                  ErrorMessage = "*"
                  Display = "Static"
                  ControlToValidate = "UserNameTextBox" /></td>
         </tr>
         <tr>
            <td>Password:</td>
            <td><asp:TextBox id = "UserPassTextBox" TextMode = "Password" runat = "server" /></td>
            <td>
               <asp:RequiredFieldValidator id = "RequiredFieldValidator2" runat = "server"
                  ErrorMessage = "*"
                  Display = "Static"
                  ControlToValidate = "UserPassTextBox" /></td>
         </tr>
         <tr>
            <td>Check here if this is <u>not</u><br>a public computer:</td>
            <td><asp:CheckBox id = "PersistCheckBox" runat = "server" autopostback = "true" /></td>
         </tr>
      </table>
      <input type = "submit" value = "Login" runat = "server" onserverclick = "Login_Click" />
   </form>
</body>
</html>

Below is the code for the above page.

<%@ Page Language = "C#" %>
<%@ Import Namespace = "System.Web.Security" %>
<script runat = "server">

   private void Login_Click ( Object sender, EventArgs e )    {
      // Create a custom FormsAuthenticationTicket
      // containing application specific data for the user.
      string username = UserNameTextBox.Text;
      string password = UserPassTextBox.Text;
      bool isPersistent = PersistCheckBox.Checked;

      if ( Membership.ValidateUser ( username, password ) ) {
         string userData = "ApplicationSpecific data for this user.";
         FormsAuthenticationTicket ticket = new FormsAuthenticationTicket ( 1,
            username,
            DateTime.Now,
            DateTime.Now.AddMinutes ( 30 ),
            isPersistent,
            userData,
            FormsAuthentication.FormsCookiePath );

         // Encrypt the ticket.
         string encTicket = FormsAuthentication.Encrypt ( ticket );

         // Create the cookie.
         Response.Cookies.Add ( new HttpCookie ( FormsAuthentication.FormsCookieName, encTicket ) );

         // Redirect back to original URL.
         Response.Redirect ( FormsAuthentication.GetRedirectUrl ( username, isPersistent ) );
      } else {
         Msg.Text = "Login failed. Please check your user name and password and try again.";
      }
   }
</script>

<%@ Page Language = "VB" %>
<%@ Import Namespace = "System.Web.Security" %>
<script runat = "server">

   Private Sub Login_Click ( src As Object, e As EventArgs )
      ' Create a custom FormsAuthenticationTicket 
      ' containingapplication specific data for the user.
      Dim username As String = UserNameTextBox.Text
      Dim password As String = UserPassTextBox.Text
      Dim isPersistent As Boolean = PersistCheckBox.Checked

      If Membership.ValidateUser ( username, password ) Then
         Dim userData As String = "ApplicationSpecific data for this user."
         Dim ticket As FormsAuthenticationTicket = New FormsAuthenticationTicket ( 1, _
            username, _
            DateTime.Now, _
            DateTime.Now.AddMinutes ( 30 ), _
            isPersistent, _
            userData, _
            FormsAuthentication.FormsCookiePath ) 

         ' Encrypt the ticket.
         Dim encTicket As String = FormsAuthentication.Encrypt ( ticket ) 

         ' Create the cookie.
         Response.Cookies.Add ( New HttpCookie ( FormsAuthentication.FormsCookieName, encTicket ) ) 

         ' Redirect back to original URL.
         Response.Redirect ( FormsAuthentication.GetRedirectUrl ( username, isPersistent ) )
      Else
         Msg.Text = "Login failed. Please check your user name and password and try again."
      End If
   End Sub
</script>

FormsAuthentication Class   FormsAuthenticationModule Class   FormsIdentity Class