The membership API is a framework based on top of the existing forms authentication infrastructure and by using it you don’t need to implement login pages or credential storage. The membership API framework provides you with a complete set of user management functions:
– You can create and delete users either programmatically or …
How to use Persistent Cookies with Forms Authentication in ASP.NET in VB.NET
Usually you will use in your projects nonpersistent authentication cookie to maintain the authentication ticket between requests. This means that if the user closes the browser, the cookie is immediately removed. The benefits are the following:
– This is a sensible step that ensures security. It’s particularly important with shared computers to prevent …
How to use Persistent Cookies with Forms Authentication in ASP.NET in C#
Usually you will use in your projects nonpersistent authentication cookie to maintain the authentication ticket between requests. This means that if the user closes the browser, the cookie is immediately removed. The benefits are the following:
– This is a sensible step that ensures security. It’s particularly important with shared computers to prevent …
How to use Forms Authentication custom credentials store in ASP.NET in VB.NET
The credential store in web.config (described in the articles: How to use web.config as credential store with Forms Authentication in ASP.NET and How to hash ASP.NET Forms Authentication passwords in web.config in VB.NET ) is useful for simple scenarios only. You have not use web.config as the credential store, because:
– Potential lack of security: Even …
How to use Forms Authentication custom credentials store in ASP.NET in C#
The credential store in web.config (described in the articles How to use web.config as credential store with Forms Authentication in ASP.NET and How to hash ASP.NET Forms Authentication passwords in web.config in C# ) is useful for simple scenarios only. You have not use web.config as the credential store, because:
– Potential lack of security: …
ASP.NET supports cookieless forms authentication out of the box. You can configure it through the cookieless attribute of the <forms /> tag in the <authentication /> section:
<authentication mode=”Forms”>
<!– Detailed configuration options –>
<forms name=”MyCookieName”
loginUrl=”DbLogin.aspx”
cookieless=“AutoDetect” />
</authentication>
The next table describes cookieless option possible settings in details:
Option
Description
UseCookies
Forces the runtime to …
How to hash ASP.NET Forms Authentication passwords in web.config in VB.NET
Forms authentication offers the possibility of storing the password in different formats. In the <credentials /> configuration section of the <forms /> element, the format of the password is specified through the passwordFormat attribute, which has three valid values:
– Clear – The passwords are stored as clear text in the <user /> …
How to hash ASP.NET Forms Authentication passwords in web.config in C#
Forms authentication offers the possibility of storing the password in different formats. In the <credentials /> configuration section of the <forms /> element, the format of the password is specified through the passwordFormat attribute, which has three valid values:
– Clear – The passwords are stored as clear text in the <user /> …
How to create a Forms Authentication logout page in ASP.NET in VB.NET
You can create a Forms Authentication logout page by creating a logout button and calling the FormsAuthentication.SignOut() method, as shown here:
Protected Sub SignOutAction_Click(sender As Object, e As EventArgs)
FormsAuthentication.SignOut()
FormsAuthentication.RedirectToLoginPage()
End Sub
When you call the SignOut() method, you remove the authentication cookie. Depending on the application, you can redirect …
How to create a Forms Authentication logout page in ASP.NET in C#
You can create a Forms Authentication logout page by creating a logout button and calling the FormsAuthentication.SignOut() method, as shown here:
protected void SignOutAction_Click(object sender, EventArgs e)
{
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
}
When you call the SignOut() method, you remove the authentication cookie. Depending on the application, you can redirect the user to another page when the user logs …