User Authentication with Forms Authentication in ASP.NET MVC

Introduction

Forms Authentication is a widely-used mechanism in ASP.NET for managing user authentication within web applications. It allows developers to authenticate users based on credentials stored in a database or another user store. In this article, we'll walk through the implementation of Forms Authentication in an ASP.NET web application using .NET Framework 4.8.0.

Step 1. Create a New ASP.NET Web Application

Open Visual Studio and create a new ASP.NET web application project, ensuring the selection of the appropriate framework version (in this case, .NET Framework 4.8.0).

Step 2. Configure Forms Authentication in web.config

Navigate to the web.config file of your ASP.NET application. Configure Forms Authentication by adding the following configuration within the <system.web> section:

<authentication mode="Forms">
    <forms loginUrl="~/Authority/Login" timeout="30"></forms>
</authentication>

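This configuration enables Forms Authentication, sends unauthenticated requests to the login page (Login.cshtml, served at ~/Authority/Login), and sets the authentication timeout to 30 minutes. The default landing page after login (Default.cshtml, created in Step 5) is not set by this element; the Login action in Step 4 performs that redirect.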
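The Step 2 element with its cookie-related attributes set explicitly, as an added example that is not part of the original article's configuration. The cookie name .AdminPlainAuth is a constructed value; cookieSameSite and sameSite require .NET Framework 4.7.2 or later, which the 4.8 target used here satisfies.

```xml
<!-- Added example, not the article's own configuration. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!--
        loginUrl, timeout : as in Step 2 (timeout is in minutes).
        name              : constructed cookie name; the default is .ASPXAUTH.
        protection        : All = encrypt and validate the ticket (the default, stated explicitly).
        requireSSL        : marks the cookie Secure so it is only sent over HTTPS.
        cookieless        : UseCookies keeps the ticket out of the URL.
        slidingExpiration : true renews the ticket on activity; false makes the 30 minutes absolute.
        cookieSameSite    : Lax keeps the cookie off cross-site POST requests.
      -->
      <forms loginUrl="~/Authority/Login"
             timeout="30"
             name=".AdminPlainAuth"
             protection="All"
             requireSSL="true"
             cookieless="UseCookies"
             slidingExpiration="true"
             cookieSameSite="Lax" />
    </authentication>

    <!-- The same flags for every other cookie the application issues. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" sameSite="Lax" />
  </system.web>
</configuration>
```

With requireSSL="true" the site has to be served over HTTPS, including in development, or login will not work.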

Step 3. Create a Login Page

Add a new view named Login.cshtml to your project. Design the login page with fields for username and password, as well as a login button.

Step 4. Implement Login Logic

In the code-behind file (Login.cs), implement the login logic when the user submits the login form.

using System.Web.Mvc;
using AdminPlain.Models;
using ApplicationDb.Operation;
using System.Web.Security;

namespace AdminPlain.Controllers
{
    [HandleError]
    public class AuthorityController : Controller
    {
        // Repository used to look up the submitted credentials.
        private readonly AdminPlainRepositery repo;

        public AuthorityController()
        {
            repo = new AdminPlainRepositery();
        }

        // GET: show the login form.
        public ActionResult Login()
        {
            return View();
        }

        // POST: check the submitted credentials.
        [HttpPost]
        public ActionResult Login(AuthorityMembers members)
        {
            var result = repo.FindUser(members);
            if (result)
            {
                // Issue the authentication cookie; false = non-persistent (session) cookie.
                FormsAuthentication.SetAuthCookie(members.Name, false);
                return RedirectToAction("Index", "Home");
            }
            ModelState.AddModelError("", "Invalid UserName and Password");
            return View();
        }
    }
}

Step 5. Create a Default Landing Page

Add another view named Default.cshtml to serve as the default landing page after successful login. This page can contain protected content that only authenticated users can access.

Step 6. Protect Pages

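To protect pages that require authentication, use the Authorize attribute. Apply the [Authorize] attribute to the action methods (or the controller class) behind the protected pages; unauthenticated requests to them are redirected to the login URL configured in Step 2.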

[Authorize]
public ActionResult Index(ApplicationModel detail)
{
    if (ModelState.IsValid)
    {
        var result = repo.addTask(detail);
        ViewBag.isSuccess = true;
    }
    else
    {
        ViewBag.isSuccess = false;
    }
    return View();
}

Step 7. Implement Logout Functionality

To allow users to log out, create a logout button or link that calls the SignOut method of the FormsAuthentication class.

public ActionResult Logout()
{
    FormsAuthentication.SignOut();
    return RedirectToAction("Login");
}

Conclusion

Forms Authentication in ASP.NET Framework 4.8.0 provides a straightforward method for implementing user authentication in web applications. By following the steps outlined in this guide, you can create a secure login system that protects sensitive areas of your application and provides a smooth user experience.