Programming Microsoft ASP.NET 4 - Dino Esposito [415]

is always required by Web sites that need authentication, an explicit sign-out is less common but legitimate nonetheless. The Forms authentication module provides an explicit method to sign out. The SignOut method on the FormsAuthentication class takes no argument and resets the authentication ticket. In particular, when cookies are used, the SignOut method removes the current ticket from the Cookies collection of the current HttpResponse object and replaces it with an empty and expired cookie.

After you call SignOut, you might want to redirect the application to another page. The FormsAuthentication class has a method—RedirectToLoginPage—that provides the described functionality and transfers the user to a given page using Response.Redirect.

Let’s now take a look at the methods of the FormsAuthentication class and the configurable parameters you find in the web.config file. After this, I’ll move on to introduce the membership API and role management.

The FormsAuthentication Class


The FormsAuthentication class supplies some static methods you can use to manipulate authentication tickets and execute basic authentication operations. You typically use the RedirectFromLoginPage method to redirect an authenticated user back to the originally requested URL; likewise, you call SignOut to remove the authentication ticket for the current user. Other methods and properties are for manipulating and renewing the ticket and the associated cookie.

Properties of the FormsAuthentication Class


Table 19-4 lists the properties of the FormsAuthentication class. As you can see, many of them deal with cookie naming and usage and expose the content of configuration attributes in the <forms> section. We’ll look at the underpinnings of the <forms> XML configuration element in the next section. All the properties of the FormsAuthentication class shown in the table are static.

Table 19-4. Properties of the FormsAuthentication Class

| Property | Description |
|---|---|
| CookieDomain | Returns the domain set for the authentication ticket. This property is equal to the value of the domain attribute in the <forms> section. |
| CookieMode | Indicates whether Forms authentication is implemented with or without cookies. |
| CookiesSupported | Returns true if the current request supports cookies. |
| DefaultUrl | Returns the URL for the page to return after a request has been successfully authenticated. It matches the defaultUrl attribute in the <forms> section. |
| EnableCrossAppRedirects | Indicates whether redirects can span different Web applications. |
| FormsCookieName | Returns the configured cookie name used for the current application. The default name is .ASPXAUTH. |
| FormsCookiePath | Returns the configured cookie path used for the current application. The default is the root path (/). |
| LoginUrl | Returns the configured or default URL for the login page. It matches the loginUrl attribute in the <forms> section. |
| RequireSSL | Indicates whether a cookie must be transmitted using only HTTPS. |
| SlidingExpiration | Indicates whether sliding expiration is enabled. |

Most of the properties are initialized with the values read from the configuration section of the web.config file when the application starts up.
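The following is an added example, not code from the book: it reads the static properties from Table 19-4 to flag settings worth reviewing at startup, and performs the explicit sign-out described earlier (SignOut followed by RedirectToLoginPage). The names FormsAuthAudit, Global, Account, and SignOutButton_Click are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.Security;

// Hypothetical helper: flags settings worth reviewing by reading the static
// FormsAuthentication properties listed in Table 19-4.
public static class FormsAuthAudit
{
    public static IList<string> Check()
    {
        var findings = new List<string>();
        if (!FormsAuthentication.RequireSSL)
            findings.Add("RequireSSL is false: the ticket cookie may be sent over plain HTTP.");
        if (FormsAuthentication.CookieMode != HttpCookieMode.UseCookies)
            findings.Add("CookieMode is " + FormsAuthentication.CookieMode +
                         ": the ticket may be carried in the URL.");
        if (FormsAuthentication.EnableCrossAppRedirects)
            findings.Add("EnableCrossAppRedirects is true: confirm cross-application redirects are intended.");
        if (FormsAuthentication.SlidingExpiration)
            findings.Add("SlidingExpiration is true: an active ticket keeps being renewed.");
        return findings;
    }
}

// Hypothetical Global.asax code-behind: log the findings once at startup.
public class Global : HttpApplication
{
    protected void Application_Start(object sender, EventArgs e)
    {
        foreach (string finding in FormsAuthAudit.Check())
            System.Diagnostics.Trace.TraceWarning("Forms auth: " + finding);
    }
}

// Hypothetical code-behind for a page with a sign-out button.
public partial class Account : System.Web.UI.Page
{
    protected void SignOutButton_Click(object sender, EventArgs e)
    {
        // Replaces the ticket cookie with an empty, expired one in the response.
        FormsAuthentication.SignOut();
        // SignOut only deals with the ticket cookie; drop session state separately.
        if (Context.Session != null)
            Context.Session.Abandon();
        // Sends the browser to the configured LoginUrl via Response.Redirect.
        FormsAuthentication.RedirectToLoginPage();
    }
}
```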

Methods of the FormsAuthentication Class


Table 19-5 details the methods supported by the FormsAuthentication class. All the methods listed in the table are static.

Table 19-5. Methods of the FormsAuthentication Class

| Method | Description |
|---|---|
| Authenticate | Attempts to validate the supplied credentials against those contained in the configured <credentials> section. (I’ll say more about this later.) |
| Decrypt | Given a valid authentication ticket, it returns an instance of the FormsAuthenticationTicket class. |
| Encrypt | Produces a string containing the printable representation of an authentication ticket. The string contains, encoded to URL-compliant characters, the user’s credentials optionally hashed and encrypted. |
| GetAuthCookie | Creates an authentication ticket for a given user name. |
| GetRedirectUrl | Returns the redirect |
