Export (0) Print
Expand All
0 out of 2 rated this helpful - Rate this topic

FormsAuthentication.Authenticate Method

Validates a user name and password against credentials stored in the configuration file for an application.

Namespace: System.Web.Security
Assembly: System.Web (in system.web.dll)
public static bool Authenticate (
	string name,
	string password
)
public static boolean Authenticate (
	String name, 
	String password
)
public static function Authenticate (
	name : String, 
	password : String
) : boolean
Not applicable.

Parameters

name

The user name.

password

The password for the user.

Return Value

true if the user name and password are valid; otherwise, false.

The Authenticate method verifies user credentials that are stored in the credentials section of the application configuration file. Alternatively, you can use ASP.NET membership to store user credentials and call the ValidateUser to verify the credentials. For more information, see Managing Users By Using Membership.

For improved security, you can encrypt passwords stored in the configuration file for an application by using the HashPasswordForStoringInConfigFile method.

The following code example shows user credentials stored in the Web.config file for an application. The password values have been hashed using the HashPasswordForStoringInConfigFile method.

<authentication mode="Forms">

<forms loginUrl="login.aspx">

<credentials passwordFormat="SHA1">

<user name="user1" password="27CE4CA7FBF00685AF2F617E3F5BBCAFF7B7403C" />

<user name="user2" password="D108F80936F78DFDD333141EBC985B0233A30C7A" />

<user name="user3" password="7BDB09781A3F23885CD43177C0508B375CB1B7E9"/>

</credentials>

</forms>

</authentication>

The following code example shows a login page that uses the Authenticate method to validate user credentials.

Security noteSecurity Note:

This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview (Visual Studio).

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

public void Login_OnClick(object sender, EventArgs args)
{
   if (FormsAuthentication.Authenticate(UsernameTextbox.Text, PasswordTextbox.Text))
      FormsAuthentication.RedirectFromLoginPage(UsernameTextbox.Text, NotPublicCheckBox.Checked);
   else
     Msg.Text = "Login failed. Please check your user name and password and try again.";
}


</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
  <title>Login</title>
</head>
<body>

<form id="form1" runat="server">
  <h3>Login</h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />

  Username: <asp:Textbox id="UsernameTextbox" runat="server" /><br />
  Password: <asp:Textbox id="PasswordTextbox" runat="server" TextMode="Password" /><br />
 
  <asp:Button id="LoginButton" Text="Login" OnClick="Login_OnClick" runat="server" />
  <asp:CheckBox id="NotPublicCheckBox" runat="server" /> 
  Check here if this is <span style="text-decoration:underline">not</span> a public computer.

</form>

</body>
</html>

Windows 98, Windows Server 2000 SP4, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0, 1.1, 1.0
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.