asp.net.ph
Home  
Getting Started  
Skip Navigation Links
Web Forms  
Skip Navigation Links
Data Access  
Skip Navigation Links
Web Apps  
Skip Navigation Links
Web Basics  
Skip Navigation Links
Show Me   Search
Thursday, January 9, 2025 

Skip Navigation LinksASP.NET Applications > ASP.NET Web Application Security > ASP.NET Authentication > The Forms Authentication Provider > Forms Authentication Utilities

Forms Authentication Utilities

ASP.NET Web Application Security   ASP.NET Authentication   Forms Authentication

A helper class called FormsAuthentication provides the static helper methods for managing forms authentication tickets listed in the following table.

Method Description
Authenticate Attempts to validate the credentials from the configured credential store, given the supplied credentials.
Decrypt Returns an instance of a FormsAuthenticationTicket class, given an encrypted authentication ticket obtained from an HTTP form.
Encrypt Produces a string containing an encrypted authentication ticket suitable for use in an HTTP form, given a FormsAuthenticationTicket.
GetAuthCookie Retrieves the already encrypted authentication cookie as an HttpCookie instance. It does not add it to the Response forms collection.
GetRedirectUrl Gets the originally requested URL, if available. For example, this method can be used to do manual redirection.
HashPasswordForStoringInConfigFile Returns the appropriate value for storing in the Config file, given a password and the encryption type SHA1 or MD5.
Initialize Initializes authentication forms authentication tickets.
RedirectFromLoginPage Redirects an authenticated user back to the originally requested URL.
RenewTicketIfOld Renews the already encrypted authentication FormsAuthenticationTicket. Returns the renewed ticket.
SetAuthCookie Retrieves the already encrypted authentication cookie as an HttpCookie instance and adds it to the Response forms collection.
SignOut Retrieves the already encrypted authentication form as an HttpForms instance and adds it to the outgoing response.

You can use the helper methods to customize the way the module works. You can also use them in the logon page handler to avoid the work of generating the redirection. A logon page using these facilities can be as simple as the following example: 

<html>
<head>
<script language = "C#" runat=server>
   void SubmitBtn_Click ( Object Source, EventArgs E ) {
      // pull credentials from form fields and try to authenticate.
      if ( FormsAuthentication.Authenticate ( UserName.Value, UserPassword.Value ) ) {
         FormsAuthenticationTicket ticket = new 
            FormsAuthenticationTicket ( UserName.Value, false, 5000 );
         FormsAuthentication.RedirectFromLoginPage ( UserName.Value,
            PersistForms.Checked );
      }
   }
</script>
</head>

<body>

<form method=post runat=server>
<table>
   <tr>
      <td>Name:</td>
      <td><input type = "text" id = "UserName" runat=server/>
   </tr>
   <tr>
      <td>Password:</td>
      <td><input type = "password" id = "UserPassword" runat=server/>
   </td>
</table>
<input type=checkbox id = "PersistForms" runat=server />Use persistent cookie
<br>
<input type = "submit" onServerClick = "SubmitBtn_Click" runat=server />
</form>
</body>
</html>
  C# VB

Applications that need granular control over the HTTP form properties can use the encryption helpers to encrypt the authentication ticket, but can construct the ticket and perform the redirection themselves.
Home
Suggested Reading

© 2025 Reynald Nuñez and asp.net.ph. All rights reserved.

If you have any question, comment or suggestion
about this site, please send us a note