Forms Authentication In ASP.NET


Form authentication is used for internet web application. The advantage of form authentication is that users do not have to be member of a domain-based network to have access to your application. So the number of web application uses the form authentication in their web application.

There are three types of authentication in ASP.NET,

  • Windows authentication
  • Forms authentication
  • Passport Authentication

Here I am going to explain only implementation of Forms Authentication.

These are the followings steps to use forms authentication in our web application.

Step 1: Open Visual Studio then go to the File Menu where we click New, then Project and select the ASP.NET web application and assign the name of the application in pop up menu.

open Apps

Step 2: After selecting the web application select an empty template here.

empty form

Step 3: In our web application here we add two pages one login.aspx and another welcome.aspx.
Add new item

login page

Here we added two web form login.aspx and welcome.aspx.
Step 4: Now we set web.config file to implement the authentication of web application.
  1. <configuration>  
  2.     <appSettings>  
  3.         <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />  
  4.     </appSettings>  
  5.     <system.web>  
  6.         <compilation debug="true" targetFramework="4.5" />  
  7.         <authentication mode="Forms">  
  8.             <forms loginUrl="login.aspx" defaultUrl="welcome.aspx">  
  9.                 <credentials passwordFormat="Clear">  
  10.                     <user name="abhishek" password="abhi@123"/>  
  11.                     <user name="Kantesh" password="sinha@123" />  
  12.                 </credentials>  
  13.             </forms>  
  14.         </authentication>  
  15.         <authorization>  
  16.             <deny users="?"/>  
  17.         </authorization>  
  18.         <httpRuntime targetFramework="4.5" />  
  19.     </system.web>  
  20. </configuration>  
Here we add Forms authentication mode and loginUrl is my login page where we create our login form and we also assign two users for authentication which is hard coded. So only two users by this name can authenticate our application page. If any other users try to access our web application then it will deny the users that are defined under the authorization tag.

Steps 5:
Now we create a login form in login.aspx page. For that we will write the code for login form here,
  1. <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Login.aspx.cs" Inherits="FormAuth.Login" %>  
  2. <!DOCTYPE html>  
  3. <html  
  4.     xmlns="">  
  5.     <head runat="server">  
  6.         <title></title>  
  7.     </head>  
  8.     <body>  
  9.         <form id="form1" runat="server">  
  10.             <h3>  
  11.       Login Page</h3>  
  12.             <table>  
  13.                 <tr>  
  14.                     <td>  
  15.           UserName:</td>  
  16.                     <td>  
  17.                         <asp:TextBox ID="UserName" runat="server" />  
  18.                     </td>  
  19.                     <td>  
  20.                         <asp:RequiredFieldValidator ID="RequiredFieldValidator1"   
  21.             ControlToValidate="UserName"  
  22.             Display="Dynamic"   
  23.             ErrorMessage="Cannot be empty."   
  24.             runat="server" />  
  25.                     </td>  
  26.                 </tr>  
  27.                 <tr>  
  28.                     <td>  
  29.           Password:</td>  
  30.                     <td>  
  31.                         <asp:TextBox ID="UserPass" TextMode="Password"   
  32.              runat="server" />  
  33.                     </td>  
  34.                     <td>  
  35.                         <asp:RequiredFieldValidator ID="RequiredFieldValidator2"   
  36.             ControlToValidate="UserPass"  
  37.             ErrorMessage="Cannot be empty."   
  38.             runat="server" />  
  39.                     </td>  
  40.                 </tr>  
  41.                 <tr>  
  42.                     <td>  
  43.           Remember me?</td>  
  44.                     <td>  
  45.                         <asp:CheckBox ID="chkboxPersist" runat="server" />  
  46.                     </td>  
  47.                 </tr>  
  48.             </table>  
  49.             <asp:Button ID="Submit1" OnClick="Login_Click" Text="Log In"   
  50.        runat="server" />  
  51.             <p>  
  52.                 <asp:Label ID="Msg" ForeColor="red" runat="server" />  
  53.             </p>  
  54.         </form>  
  55.     </body>  
  56. </html>  
Step 6: Here we write the code for Login button in login.aspx.cs page.
  1. using System;  
  2. using System.Collections.Generic;  
  3. using System.Linq;  
  4. using System.Web;  
  5. using System.Web.UI;  
  6. using System.Web.UI.WebControls;  
  7. using System.Web.Security;  
  9. namespace FormAuth {  
  10.     public partial class Login: System.Web.UI.Page {  
  11.         protected void Page_Load(object sender, EventArgs e) {  
  13.         }  
  15.         protected void Login_Click(object sender, EventArgs e) {  
  16.             if (FormsAuthentication.Authenticate(UserName.Text, UserPass.Text)) {  
  17.                 FormsAuthentication.RedirectFromLoginPage(UserName.Text, chkboxPersist.Checked);  
  18.             } else {  
  19.                 Msg.Text = "Invalid User Name and/or Password";  
  20.             }  
  21.         }  
  22.     }  
  23. }  
Before writing the login button code user can directly redirect to the welcome page. If user type the Welcome page URL in browser, we need to prevent the direct access to the welcome page. For that we write the condition for authenticating the users on button click.

FormsAuthentication.Authenticate which takes two parameter username and password which authenticate the user and redirect the page after successful login.

Step 7: After writing the code of these pages now we are ready to execute the web application. To run the application we click Ctrl+F5 . After debugging the application our login page open in the browser.
login page in browser
Here we enter the valid Username and Password which we assigned in our web.config file. If we enter any invalid user then it will throw an exception.
invalid user 

Step 8: By entering the valid username and password our application will successfully authenticate the user which will redirect to the next welcome page after successfully login.

Here we checked the Remember me check box which means let's say you logged in and close the browser. You again open the browser with welcome page then you can access the authorized page without login. That means our browser cookies are enabled which store the user data in text file until the browser is cleared.

 valid user

loged in

Finally, valid user successfully logged in our web application using Forms Authentication in ASP.NET.