Fog Creek Software
Discussion Board

Welcome! and rules

Joel on Software

ASP.NET custom forms authentication


I'm building a site that will be secured using Forms authentication, and am looking for some pointers to documentation on how to get the authentication working how I want.

I want to check the username/password against a SQL database, rather than the users.xml file - does this just require adding some code into the Application_AuthenticateRequest method in Global.asax.cs? Or do I need to provide a class that implements some interface?

There's a big sea of MSDN documentation and I'm feeling a bit lost trying to track down a basic explanation of how to provide a custom authentication handler. Any links to useful pages would be welcome.


Monday, October 4, 2004

In your web.config, setup forms authentication like this:

<authentication mode="Forms">
        <forms name="MyApp.COOKIE" loginUrl="~/LogOn.aspx" protection="All" path="/" timeout="20" />
      <deny users="?" />

...then, create your log on page as such:

1)  Add text field for user name
2)  Add text field for password
3)  Add command button for submit

...add an event handler for your command button click and in that event handler:

1)  Retrieve user name and password from submitted form
2)  Check username and password against your SQL Server user table using SQL query or stored procedure.
3)  If you have a good username/password combination then call:

System.Web.Security.FormsAuthentication.RedirectFromLoginPage(this.txtUserName.Text, false);

If the username/password was bad then just show them a message or do whatever else you need to.

Hope that helps.

Monday, October 4, 2004

smallbiz is essentially correct, although you might also want to check this out:

It is from the main JoS forum, although it has fallen off the bottom now.

Tuesday, October 5, 2004

*  Recent Topics

*  Fog Creek Home