- Part 6
Implementing Authentication and Authorization
- Topic 1
Establish a user's identity by using forms authentication.
- Configure forms authentication for a Web application by using a configuration file.
- Enable cookieless forms authentication by setting the cookieless attribute.
- Use membership APIs and the Membership class to manage users.
- Enable anonymous identification.
The following description of how to configure forms authentication is from MSDN:
To implement forms authentication you must create your own logon page and redirect URL for unauthenticated clients. You must also create your own scheme for account authentication. The following is an example of a Web.config configuration using Forms authentication:
<!-- Web.config file -->
<authentication mode="Forms">
  <forms name="401kApp" loginUrl="/login.aspx" />
</authentication>
Because you are implementing your own authentication, you will typically configure IIS for Anonymous authentication.
The Membership class can be used to create new users, store user data (user names, passwords, e-mail addresses, and supporting data), authenticate users either programmatically or with the Login controls provided by ASP.NET, and manage passwords for users.
The following description of how to enable anonymous identification is from MSDN:
ASP.NET 2.0 supports anonymous identification, and you can encrypt the anonymous identification cookie. Encryption of the cookie uses the <machineKey> configuration. To enable anonymous identification, set enabled="true" on the <anonymousIdentification> element in your Web.config file. To enable the cookies to be encrypted, set cookieProtection="Encrypted", as shown here.
<anonymousIdentification enabled="true" cookieName=".ASPXANONYMOUS"
cookieTimeout="100000" cookiePath="/" cookieRequireSSL="false"
cookieless="UseCookies" domain="" />
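A fuller Web.config fragment that combines the forms authentication, cookieless and anonymous identification settings covered above, added here as an illustration (it is not from MSDN or the original notes). The Members folder is hypothetical, and protection="All", requireSSL="true" and cookieRequireSSL="true" are assumed choices that presume the site is served over HTTPS.

```xml
<?xml version="1.0"?>
<!-- Added example: not from MSDN or the original notes. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!--
        cookieless accepts UseCookies, UseUri, AutoDetect or UseDeviceProfile.
        UseUri carries the authentication ticket in the URL, where it can
        leak through server logs, browser history and Referer headers.
        UseCookies keeps the ticket out of the URL.
        protection="All" encrypts and validates the ticket using machineKey.
        requireSSL="true" sends the cookie over HTTPS only (assumes an HTTPS site).
      -->
      <forms name="401kApp"
             loginUrl="/login.aspx"
             cookieless="UseCookies"
             protection="All"
             requireSSL="true" />
    </authentication>

    <!--
      Anonymous identification gives unauthenticated visitors a stable ID.
      cookieProtection accepts None, Validation, Encryption or All.
    -->
    <anonymousIdentification enabled="true"
                             cookieName=".ASPXANONYMOUS"
                             cookieless="UseCookies"
                             cookieProtection="All"
                             cookieRequireSSL="true" />
  </system.web>

  <!-- "Members" is a hypothetical folder; "?" means anonymous users. -->
  <location path="Members">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With this layout, anonymous visitors can browse the rest of the site and are redirected to /login.aspx only when they request a page under Members.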
Other Resources & Links:
ASP.Net 2.0 Security (Has info on cookieless forms authentication)
How To: Configure MachineKey in ASP.NET 2.0 (Has info on configuring Anonymous Identification)