Introduction
Forms Authentication is a widely used mechanism in ASP.NET for managing user authentication within web applications. It lets developers authenticate users against credentials stored in a database or another user store. In this article, we'll walk through the implementation of Forms Authentication in an ASP.NET web application using .NET Framework 4.8.0.
Step 1. Create a New ASP.NET Web Application
Open Visual Studio and create a new ASP.NET web application project, ensuring the selection of the appropriate framework version (in this case, .NET Framework 4.8.0).
Step 2. Configure Forms Authentication in web.config
Navigate to the web.config file of your ASP.NET application. Configure Forms Authentication by adding the following configuration within the <system.web> section:

    <authentication mode="Forms">
        <forms loginUrl="~/Authority/Login" timeout="30"></forms>
    </authentication>

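This configuration enables Forms Authentication, sends unauthenticated requests to the login page at ~/Authority/Login (the Login.cshtml view), and sets the authentication timeout to 30 minutes. The default landing page after login, Default.cshtml, is not set by this snippet, which has no defaultUrl attribute; the controller in Step 4 redirects to the Index action of the Home controller after a successful login.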
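A hardened variant of the Step 2 configuration, shown next to the original for comparison. This is an added example, not part of the original article; the cookie name .ADMINPLAINAUTH is a constructed placeholder, and requireSSL="true" assumes the site is served over HTTPS only.

```xml
<system.web>
  <authentication mode="Forms">
    <!-- Original from Step 2, kept for comparison. With only loginUrl and
         timeout set, requireSSL defaults to false (the ticket cookie may be
         sent over plain HTTP) and cookieless defaults to UseDeviceProfile
         (the ticket can end up in the URL for some user agents). -->
    <!-- <forms loginUrl="~/Authority/Login" timeout="30"></forms> -->

    <!-- Hardened variant (added example):
         name              explicit cookie name (constructed placeholder)
         requireSSL        ticket cookie is marked Secure
         cookieless        ticket is never carried in the URL
         protection        encrypt and validate the ticket (the default,
                           stated explicitly so it cannot be weakened unnoticed)
         slidingExpiration false gives an absolute 30 minute lifetime;
                           set to true if activity should extend the session
         cookieSameSite    available from .NET Framework 4.7.2; limits
                           cross-site sending of the ticket cookie -->
    <forms name=".ADMINPLAINAUTH"
           loginUrl="~/Authority/Login"
           timeout="30"
           requireSSL="true"
           cookieless="UseCookies"
           protection="All"
           slidingExpiration="false"
           cookieSameSite="Lax" />
  </authentication>

  <!-- Applies HttpOnly and Secure to the other cookies the application issues. -->
  <httpCookies httpOnlyCookies="true" requireSSL="true" />
</system.web>
```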
Step 3. Create a Login Page
Add a new view named Login.cshtml to your project. Design the login page with fields for username and password, as well as a login button.
Step 4. Implement Login Logic
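In the code-behind file (Login.cs), implement the login logic that runs when the user submits the login form. The example below does this in an MVC controller, AuthorityController, whose Login action matches the loginUrl configured in Step 2.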

    using System.Web.Mvc;
    using AdminPlain.Models;
    using ApplicationDb.Operation;
    using System.Web.Security;

    namespace AdminPlain.Controllers
    {
        [HandleError]
        public class AuthorityController : Controller
        {
            // Repository used to look up the submitted credentials.
            private readonly AdminPlainRepositery repo;

            public AuthorityController()
            {
                repo = new AdminPlainRepositery();
            }

            // GET: renders the login form.
            public ActionResult Login()
            {
                return View();
            }

            // POST: validates the submitted credentials.
            [HttpPost]
            public ActionResult Login(AuthorityMembers members)
            {
                var result = repo.FindUser(members);
                if (result)
                {
                    // Issue the authentication ticket cookie. The second argument
                    // (false) makes it a session cookie rather than a persistent one.
                    FormsAuthentication.SetAuthCookie(members.Name, false);
                    return RedirectToAction("Index", "Home");
                }

                // Same message for an unknown user and a wrong password.
                ModelState.AddModelError("", "Invalid UserName and Password");
                return View();
            }
        }
    }

Step 5. Create a Default Landing Page
Add another view named Default.cshtml to serve as the default landing page after successful login. This page can contain protected content that only authenticated users can access.
Step 6. Protect Pages
To protect pages that require authentication, use the Authorize attribute. Apply [Authorize] to the action (or to the whole controller) behind each protected page; unauthenticated requests are then redirected to the loginUrl configured in Step 2.

    // Only authenticated users reach this action.
    [Authorize]
    public ActionResult Index(ApplicationModel detail)
    {
        if (ModelState.IsValid)
        {
            var result = repo.addTask(detail);
            ViewBag.isSuccess = true;
        }
        else
        {
            ViewBag.isSuccess = false;
        }
        return View();
    }

Step 7. Implement Logout Functionality
To allow users to log out, create a logout button or link that calls the SignOut method of the FormsAuthentication class.

    public ActionResult Logout()
    {
        // Removes the forms-authentication ticket cookie from the browser.
        FormsAuthentication.SignOut();
        return RedirectToAction("Login");
    }

Conclusion
Forms Authentication in ASP.NET Framework 4.8.0 provides a straightforward method for implementing user authentication in web applications. By following the steps outlined in this guide, you can create a secure login system that protects sensitive areas of your application and provides a smooth user experience.