Forms authentication using user names list in web.config Part 90

  • دعنا نشارك هذا :
ترتيب الدرس : 90
المدة : 00:20:24
التحكم :
Text version of the video

Healthy diet is very important both for the body and mind. If you like Aarvi Kitchen recipes, please support by sharing, subscribing and liking our YouTube channel. Hope you can help.


All ASP .NET Text Articles

All ASP .NET Slides

All Dot Net and SQL Server Tutorials in English

All Dot Net and SQL Server Tutorials in Arabic

Anonymous authentication is fine for web sites that contain public information that every one can see. We discussed about Anonymous authentication in
Part 85 - Anonymous authentication
Part 86 - Anonymous authentication and impersonation

Windows authentication is used for intranet web applications, where the users are part of a windows domain-based network. We discussed about Windows authentication in Parts 87, 88 and 89.

In this video we will discuss about
1. When to use Forms Authentication
2. How to enable Forms Authentication

When to use Forms Authentication?
Forms authentication is used for internet web applications. The advantage of Forms authentication is that users do not have to be member of a domain-based network to have access to your application. Many internet web sites like,, etc uses forms authentication. To access these applications we do not have to be member of their domain-based network.

The description of the attributes
loginUrl - The URL of the login Page

timeout - Specifies the number of minutes the authentication cookie persists on the clients's computer. The default is 30 minutes.

defaultUrl - The url the user will be redirected after authentication

Protection - Specifies the protection for authentication cookie stored on the clients's computer. The default is All, which performs encryption and data validation. Other possible settings are Encryption, Validation, and None.

Double click the login button on the Login.aspx page. Copy and paste the following code in the button click event handler.
// Authenticate againts the list stored in web.config
if (FormsAuthentication.Authenticate(txtUserName.Text, txtPassword.Text))
// Create the authentication cookie and redirect the user to welcome page
FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, chkBoxRememberMe.Checked);
lblMessage.Text"Invalid UserName and/or password";

Run the application. Try to navigate to Welcome.aspx or Registration/Register.aspx pages, you will be redirected to Login page. After you login, you will be able to access these pages.

There are 2 problems with this application at the moment.
1. It is not a good practise to store user names and passwords in web.config file. If you want to create the user names and passwords dynamically, you need to change the web.config file. If you change the web.config file at run time, the application restarts and all the session data will be lost, if stored inside the worker process. In a later video session, we will discuss about storing user names and passwords in a database table.
2. At the moment, users are not able to access Register.aspx page, if they are not logged in. If a user does not have user name and password, he should be able to register himself using Register.aspx page. In a later video session, we will discuss about this.

سيتم تفعيل التعليقات قريبا

Sep 23, 2020 07:32:24