
ASP.NET Login to a Website with Forms Authentication vs None

I've got a stock standard ASP.NET website. Anyone can read/view any page (except the admin section) but when someone wants to contribute, they need to be logged in. Just like most contribution sites out there.

So, if I have my OWN login control or username/password/submit input fields, why would I want to have forms auth turned on instead of just none? What does forms auth give me, when having my own code that checks my database for a user/pass and my own two input fields + a submit button does the job perfectly?

(NOTE: I really dislike the ASP.NET membership stuff that creates all those tables and usp's in the database, so please don't suggest I use that).

Like, with my code, when I authenticate a user (with my own database code), I manually create my own identity, etc.

Is all this required? What is the main purpose of this?

cheers!

Pure.Krome asked Nov 17 '25 21:11


1 Answer

You can authorize your users however you want. FormsAuthentication is used to set the session identity and the authentication cookie that allows users to stay logged in until they log out or the session expires. You don't need to use the membership providers to use FormsAuthentication. It sounds like you are just replicating this functionality.

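// Requires: using System.Web.Security;
// ...do your authentication against your DB or Active Directory

if (Request.QueryString["ReturnUrl"] != null)
{
    // Issue the auth cookie and send the user back to the page they asked for.
    FormsAuthentication.RedirectFromLoginPage(userName.Text, false);
}
else
{
    // No return URL: just issue the auth cookie (false = not persistent).
    FormsAuthentication.SetAuthCookie(userName.Text, false);
}

Then you need to set it up for use in the web.config: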

<system.web>
  <authentication mode="Forms">
    <forms loginUrl="Login.aspx"
           protection="All"
           timeout="30"
           name="my-auth-cookie" 
           path="/"
           requireSSL="false"
           slidingExpiration="true"
           defaultUrl="default.aspx" />
  </authentication>
</system.web>

You get all the benefits of doing your own authorization and not having to implement the cookie infrastructure. Note, since your web site only needs to authorize when editing, you'll need to set the permissions that allow everyone to read all pages and implement your own logic to redirect them to the login page when they want to edit.

More information here.

tvanfosson answered Nov 20 '25 13:11
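The setup described in the answer above (anonymous read everywhere, login required only to contribute, no membership provider), sketched as a web.config. This is an added example, not part of the original answer; the folder name `Contribute` is an assumption, and `requireSSL` is switched to `true` on the assumption that the site is served over HTTPS.

```xml
<configuration>
  <system.web>
    <!-- Forms authentication only issues and validates the ticket cookie.
         Credentials are still checked by your own code before it calls
         FormsAuthentication.SetAuthCookie / RedirectFromLoginPage. -->
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx"
             name="my-auth-cookie"
             path="/"
             protection="All"
             timeout="30"
             slidingExpiration="true"
             cookieless="UseCookies"
             requireSSL="true"
             defaultUrl="default.aspx" />
      <!-- protection="All": the ticket is encrypted and integrity-checked.
           cookieless="UseCookies": the ticket is never placed in the URL.
           requireSSL="true": the cookie carries the Secure flag, so it is
           not sent over plain HTTP. -->
    </authentication>

    <!-- Site-wide default: everyone, including anonymous users, may read. -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- Hypothetical folder holding the edit/contribute pages.
       "?" means anonymous users: they are denied here, and the forms
       authentication module redirects them to loginUrl with a ReturnUrl
       query string, which is what the login code checks for. -->
  <location path="Contribute">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With the `location` rule in place, the redirect to the login page for unauthenticated edit requests is handled by the framework, so only edit actions that live outside that folder need their own check.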