Configuring Forms Authentication

Configuring Forms Authentication

Configuring forms authentication in ASP.NET involves several steps:

Enable forms authentication in the web.config file: Add the following code to the <system.web> section of your web.config file:

<authentication mode=”Forms”>

  <forms loginUrl=”~/Account/Login.aspx” timeout=”2880″ />


This specifies that forms authentication should be used and sets the login URL and timeout.

Create a login page: Create a login page that prompts the user for their credentials and validates them against a user database or other data source.

Add code to authenticate users: In the code-behind file for the login page, add code to authenticate the user’s credentials. You can use the FormsAuthentication.RedirectFromLoginPage method to redirect the user to the originally requested page after successful authentication.

if (Membership.ValidateUser(userName, password))


    FormsAuthentication.RedirectFromLoginPage(userName, false);


Protect pages: To protect a page, add the following code to the page’s code-behind file:

if (!User.Identity.IsAuthenticated)




This code checks whether the user is authenticated and redirects them to the login page if they are not.

Optionally, configure roles: You can configure roles by adding the following code to the <system.web> section of your web.config file:


  <deny users=”?”/>

  <allow roles=”Admin”/>

  <deny users=”*”/>


This code denies anonymous users access to all pages, allows users with the “Admin” role access to certain pages, and denies all other users access to all pages.

Apply for ASP.NET Certification Now!!

Back to Tutorial

Get industry recognized certification – Contact us