Attributes for configuring Forms authentication in ASP.NET

Hi

We often use Forms authentication in our applications, and it has to be configured in the web.config file. The configuration has many attributes, which are often not used properly. Here is a look at the attributes of Forms authentication.

[Note: remember that the forms element is a child element of the authentication element, inside the system.web element in web.config.]

cookieless - The forms authentication ticket can be stored either in a cookie or, in cookieless mode, in the URL. The default value is UseDeviceProfile, which means that ASP.NET decides where to store the ticket on the basis of a pre-computed browser profile.

DefaultUrl – The default URL of the application. The request is redirected to this URL after a successful login. Remember that this value is only used when there is no value for the redirect URL.

Domain – As the name suggests, this specifies the Domain property on the HttpCookie containing the authentication ticket. We can use this attribute to share the same cookie across hosts as long as they have a common portion of a DNS namespace (two subdomains can share the cookie).

EnableCrossAppRedirects – If this attribute is set to true, the forms authentication module can extract the ticket from either the query string or the form's POST variables.

LoginUrl – This is the URL of the login page. Unauthenticated users are redirected to this URL.

Name – The name of the HTTP cookie used for authentication.

Path – The path to use for the issued cookie. The default value is "/".

Protection - The method used to protect the cookie data. Valid values are All, None, Encryption and Validation.

RequireSSL – If set to true, Forms Authentication sets the Secure bit on the forms authentication cookie.

SlidingExpiration - If set to true, Forms Authentication will periodically update the time to live for the forms authentication ticket. This occurs regardless of whether or not the ticket is contained in a cookie, or in a cookieless format on the URL.

Timeout - Amount of time in integer minutes, after which the cookie expires. The default value is 30. The timeout attribute is a sliding value, expiring n minutes from the time the last request was received.
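
The attributes above combined into one forms element, as an added example that is not from the original post: the commented-out element shows settings that weaken the ticket, and the live element is a hardened equivalent. The cookie name, the page URLs and the timeout values are constructed placeholders, not recommendations taken from the post.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- Weak variant, kept inside a comment for comparison only.
           cookieless="UseUri"            : ticket travels in the URL, so it can end up in
                                            logs, Referer headers and shared links
           protection="None"              : ticket is neither encrypted nor validated
           requireSSL="false"             : cookie is also sent over plain HTTP
           enableCrossAppRedirects="true" : ticket is accepted from query string or POST data
           timeout="600"                  : a captured ticket stays usable for hours
      <forms name=".ASPXAUTH"
             loginUrl="login.aspx"
             cookieless="UseUri"
             protection="None"
             requireSSL="false"
             enableCrossAppRedirects="true"
             slidingExpiration="true"
             timeout="600" />
      -->

      <!-- Hardened variant (name and URLs are placeholder values).
           cookieless="UseCookies" : ticket is only ever stored in a cookie
           protection="All"        : ticket is both encrypted and validated
           requireSSL="true"       : Secure bit is set, the site must be served over HTTPS
           domain is left out      : cookie stays scoped to the issuing host; set it only
                                     when subdomains really have to share the ticket -->
      <forms name=".EXAMPLEAUTH"
             loginUrl="~/Account/Login.aspx"
             defaultUrl="~/Default.aspx"
             cookieless="UseCookies"
             protection="All"
             requireSSL="true"
             enableCrossAppRedirects="false"
             slidingExpiration="true"
             timeout="20"
             path="/" />
    </authentication>
  </system.web>
</configuration>
```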

Also check out this post of mine on the forms authentication.

Hope this helps
Thanks
Vikram



Feedback

Posted on 11/6/2006 10:14:12 PM

ASP.Net Auth

Posted on 11/10/2006 8:18:36 AM

I'm facing a problem with session getting dropped unpredictably. The project uses .NET 2.0 and Atlas.
Are there any known bugs?

Posted on 11/11/2006 12:04:47 PM

Hi Mandeep

Are you deleting any directory somewhere in the code? In ASP.NET 2.0, if you delete any directory the application restarts and hence you lose all the session values.
Read this post of mine
http://vikram/BlogSiteLive/Post.aspx?postID=6

Vikram

Copyright © 2006 - 2009 Vikram Lakhotia