Forms Authentication Utilities
A helper class called FormsAuthentication provides the static helper methods for managing forms authentication tickets listed in the following table.
| Method | Description |
| --- | --- |
| Authenticate | Attempts to validate the credentials from the configured credential store, given the supplied credentials. |
| Decrypt | Returns an instance of a FormsAuthenticationTicket class, given an encrypted authentication ticket obtained from an HTTP form. |
| Encrypt | Produces a string containing an encrypted authentication ticket suitable for use in an HTTP form, given a FormsAuthenticationTicket. |
| GetAuthCookie | Retrieves the already encrypted authentication cookie as an HttpCookie instance. It does not add it to the Response forms collection. |
| GetRedirectUrl | Gets the originally requested URL, if available. For example, this method can be used to do manual redirection. |
| HashPasswordForStoringInConfigFile | Returns the appropriate value for storing in the Config file, given a password and the encryption type SHA1 or MD5. |
| Initialize | Initializes authentication forms authentication tickets. |
| RedirectFromLoginPage | Redirects an authenticated user back to the originally requested URL. |
| RenewTicketIfOld | Renews the already encrypted authentication FormsAuthenticationTicket. Returns the renewed ticket. |
| SetAuthCookie | Retrieves the already encrypted authentication cookie as an HttpCookie instance and adds it to the Response forms collection. |
| SignOut | Retrieves the already encrypted authentication form as an HttpForms instance and adds it to the outgoing response. |
You can use the helper methods to customize the way the module works. You can also use them in the logon page handler to avoid the work of generating the redirection. A logon page using these facilities can be as simple as the following example:
C#

```html
<html>
<head>
<script language = "C#" runat=server>
void SubmitBtn_Click ( Object Source, EventArgs E ) {
    // Pull credentials from form fields and try to authenticate.
    if ( FormsAuthentication.Authenticate ( UserName.Value, UserPassword.Value ) ) {
        // Note: this ticket object is not used below;
        // RedirectFromLoginPage issues its own ticket.
        FormsAuthenticationTicket ticket = new
            FormsAuthenticationTicket ( UserName.Value, false, 5000 );
        FormsAuthentication.RedirectFromLoginPage ( UserName.Value,
            PersistForms.Checked );
    }
}
</script>
</head>
<body>
<form method=post runat=server>
    <table>
        <tr>
            <td>Name:</td>
            <td><input type = "text" id = "UserName" runat=server/></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type = "password" id = "UserPassword" runat=server/></td>
        </tr>
    </table>
    <input type=checkbox id = "PersistForms" runat=server />Use persistent cookie
    <br>
    <input type = "submit" onServerClick = "SubmitBtn_Click" runat=server />
</form>
</body>
</html>
```
VB

```html
<html>
<head>
<script language = "VB" runat=server>
Sub SubmitBtn_Click ( Source As Object, E As EventArgs )
    ' Pull credentials from form fields and try to authenticate.
    If FormsAuthentication.Authenticate ( UserName.Value, UserPassword.Value ) Then
        ' Note: this ticket object is not used below;
        ' RedirectFromLoginPage issues its own ticket.
        Dim ticket As New FormsAuthenticationTicket ( _
            UserName.Value, false, 5000 )
        FormsAuthentication.RedirectFromLoginPage _
            ( UserName.Value, PersistForms.Checked )
    End If
End Sub
</script>
</head>
<body>
<form method=post runat=server>
    <table>
        <tr>
            <td>Name:</td>
            <td><input type = "text" id = "UserName" runat=server/></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type = "password" id = "UserPassword" runat=server/></td>
        </tr>
    </table>
    <input type=checkbox id = "PersistForms" runat=server />Use persistent cookie
    <br>
    <input type = "submit" onServerClick = "SubmitBtn_Click" runat=server />
</form>
</body>
</html>
```
Applications that need granular control over the HTTP form properties can use the encryption helpers to encrypt the authentication ticket, but can construct the ticket and perform the redirection themselves.
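The following is an added example, not code from the original page or from ASP.NET itself, of building the ticket, encrypting it, and redirecting by hand so that the cookie's properties can be set explicitly. The class name `ManualFormsLogin`, the 30-minute lifetime, and the HTTPS-only deployment are assumptions of this example; `HttpCookie.HttpOnly` requires .NET Framework 2.0 or later.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper (not part of ASP.NET): issues the forms authentication
// cookie by hand instead of calling FormsAuthentication.RedirectFromLoginPage.
public static class ManualFormsLogin
{
    // Assumed policy value for this example; choose one that fits the application.
    private static readonly TimeSpan TicketLifetime = TimeSpan.FromMinutes(30);

    public static HttpCookie BuildAuthCookie(string userName, bool persistent, string userData)
    {
        DateTime issued = DateTime.Now;
        DateTime expires = issued.Add(TicketLifetime);

        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,                          // ticket version
            userName,
            issued,
            expires,
            persistent,
            userData ?? String.Empty,   // application data carried inside the ticket
            FormsAuthentication.FormsCookiePath);

        // Encrypt returns the ticket as an encrypted string usable as the cookie value.
        string encrypted = FormsAuthentication.Encrypt(ticket);

        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted);
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.HttpOnly = true;   // keep the ticket out of reach of client script
        cookie.Secure = true;     // assumes the site is served over HTTPS only
        if (persistent)
        {
            cookie.Expires = expires;   // otherwise it stays a session cookie
        }
        return cookie;
    }

    public static void SignInAndRedirect(HttpContext context, string userName, bool persistent)
    {
        context.Response.Cookies.Add(BuildAuthCookie(userName, persistent, null));
        context.Response.Redirect(FormsAuthentication.GetRedirectUrl(userName, persistent));
    }
}
```

In the logon page above, the handler would call `ManualFormsLogin.SignInAndRedirect(Context, UserName.Value, PersistForms.Checked)` after `Authenticate` succeeds, in place of `RedirectFromLoginPage`.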