mtelligent

View Original

Exam 70-553 - Establish a user's identity by using forms authentication.

Section 2
  • Part 6

    Implementing Authentication and Authorization

    • Topic 1

Establish a user's identity by using forms authentication.

  • Configure forms authentication for a Web application by using a configuration file.
  • Enable cookieless forms authentication by setting the cookieless attribute.
  • Use membership APIs and the Membership class to manage users.
  • Enable anonymous identification.

Summary

The following description of how to configure forms authentication is from msdn:

To implement forms authentication you must create your own logon page and redirect URL for unauthenticated clients. You must also create your own scheme for account authentication. The following is an example of a Web.config configuration using Forms authentication:

<!-- Web.config file -->
<system.web>
<authentication mode="Forms">
<forms forms="401kApp" loginUrl="/login.aspx" />
</authentication>
</system.web>

Because you are implementing your own authentication, you will typically configure IIS for Anonymous authentication.

The forms node has an attribute that is new to .Net 2.0: Cookieless. It has four values: UseUri – Store the authentication ID in the url, UseCookies, AutoDetect, and UseDeviceProfile which looks up the device in machine config to determine whether to use cookies or not.

The Membership class can be used to create new users, store user data (user names, passwords, e-mail addresses, and supporting data), authenticating users either programmatically or with the Login controls provided by ASP.Net, and managing passwords for users.

The following description of how to enable anonymous identification is from msdn:

ASP.NET 2.0 supports anonymous identification, and you can encrypt the anonymous identification cookie. Encryption of the cookie uses the <machineKey> configuration. To enable anonymous identification, set enabled="true" on the <anonymousIdentification> element in your Web.config file. To enable the cookies to be encrypted, set cookieProtection="Encrypted", as shown here.

<anonymousIdentification enabled="true" cookieName=".ASPXANONYMOUS"
cookieTimeout="100000" cookiePath="/" cookieRequireSSL="false"
cookieSlidingExpiration="true" cookieProtection="Encrypted"
cookieless="UseCookies" domain="" />

Other Resources & Links:

ASP.Net Authentication
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vsent7/html/vxconASPNETAuthentication.asp

ASP.Net 2.0 Security (Has info on cookieless forms authentication)
http://www.awprofessional.com/articles/article.asp?p=351414&seqNum=4&rl=1

Membership Class
http://msdn2.microsoft.com/en-us/library/system.web.security.membership(VS.80).aspx

How To: Configure MachineKey in ASP.NET 2.0 (Has info on configuring Anonymous Identification)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000007.asp