Authentication in ASP.NET

Hi everyone, in this blog I'm explaining authentication in ASP.NET.


Authentication is the process of obtaining identification credentials such as name and password from a user and validating those credentials against some authority. If the credentials are valid, the entity that submitted the credentials is considered an authenticated identity. Once an identity has been authenticated, the authorization process determines whether that identity has access to a given resource.

ASP.NET implements authentication through authentication providers, the code modules that contain the code necessary to authenticate the requestor's credentials. The topics in this section describe the authentication providers built into ASP.NET.

There are three types of authentication available in ASP.NET:

Windows Authentication: Uses built-in Windows security features to authenticate the user.

Forms Authentication: Authenticates against a customized list of users or users in a database.

Passport Authentication: Validates against the Microsoft Passport service, which is a centralized authentication service.

Authentication is the process of ensuring the user's identity and authenticity. ASP.NET allows four types of authentication system:

Windows Authentication

Forms Authentication

Passport Authentication

Custom Authentication


Forms-Based Authentication:

Traditionally, forms-based authentication involves editing the Web.Config file and adding a login page with appropriate authentication code.

The Web.Config file can be edited to include the following:



<authentication mode="Forms">
  <forms loginUrl="login.aspx"/>
</authentication>
<authorization>
  <deny users="?"/>
</authorization>






Implementing Forms-Based Security:

To set up forms based authentication, the following things are needed:

A database of users to support the authentication process

A website that uses the database

User accounts


Restriction of users’ and group activities

You need:

A default page, which will display the login status of the users and other information

A login page, which will allow users to log in, retrieve password or change password

To create users, take the following steps:

Step 1: Choose Website -> ASP.NET Configuration to open the Web Application Administration Tool.

Step 2: Click on the Security tab.

Step 3: Set the authentication type to forms-based authentication by selecting the "From the Internet" radio button.

Step 4: Click on the Create Users link to create some users. If you have already created roles, you can assign roles to the user at this stage.

Step 5: Create a web site and add the following pages:






Step 6: Place a LoginStatus control on Welcome.aspx from the Login section of the toolbox. It has two templates: Logged in and Logged out.

In Logged out template, there is a login link and in the Logged in template, there is a logout link on the control. You can change the login and logout text properties of the control from the Properties window.

Login Status control


Step 7: Place a LoginView control from the toolbox below the LoginStatus control. Here you can put text and other controls (hyperlinks, buttons, etc.) that will be displayed based on whether the user is logged in or not.

This control has two view templates: Anonymous template and Logged in template. Select each view and write some text for the users to be displayed for each template. The text should be placed on the area marked red.

Login View control

Step 8: The users for the application are created by the developer. You might want to allow a visitor to the site to create a user account. For this, add a link beneath the LoginView control, which should link to the CreateAccount.aspx page.

Step 9: Place a CreateUserWizard control on the create account page. Set the ContinueDestinationPageUrl property of this control to Welcome.aspx.

CreateUserWizard control

Step 10: Create the Login page. Place a Login control on the page. The LoginStatus control automatically links to Login.aspx. To change this default, make the following changes in the web.config file.

For example, if you want to name your login page signup.aspx, add the following lines to the <authentication> section of the web.config:

<authentication mode="Forms">
  <forms loginUrl="signup.aspx" defaultUrl="welcome.aspx" />
</authentication>
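Putting the steps together, as an added example that is not part of the original post: a web.config that denies anonymous users site-wide, as in the earlier snippet, while keeping Welcome.aspx and CreateAccount.aspx reachable before login. It assumes those two pages are meant to be public and that the site is served over HTTPS; the timeout and cookie attribute values are illustrative.

```xml
<?xml version="1.0"?>
<!-- Added example. Page names follow the walkthrough above;
     the timeout and cookie values are assumptions to adjust per site. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- requireSSL: the ticket cookie is only sent over HTTPS.
           protection="All": the ticket is encrypted and validated.
           cookieless="UseCookies": the ticket never appears in the URL. -->
      <forms loginUrl="Login.aspx"
             defaultUrl="Welcome.aspx"
             requireSSL="true"
             protection="All"
             cookieless="UseCookies"
             timeout="20"
             slidingExpiration="true" />
    </authentication>
    <authorization>
      <!-- "?" matches anonymous users: every page requires a login
           unless a location element below says otherwise. The page
           named in loginUrl stays reachable without an extra rule. -->
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Without this, the Anonymous template of the LoginView on
       Welcome.aspx is never shown: visitors are redirected first. -->
  <location path="Welcome.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Self-registration page from steps 8 and 9 must be public. -->
  <location path="CreateAccount.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Keep the list of location exceptions as short as possible, since each one is a page served to unauthenticated visitors.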




