1 out of 1 rated this helpful - Rate this topic

FormsAuthentication.Authenticate Method

.NET Framework 4.5

Other Versions

Note: This API is now obsolete.

Validates a user name and password against credentials stored in the configuration file for an application.

Namespace: System.Web.Security
Assembly: System.Web (in System.Web.dll)

Syntax

C++

[ObsoleteAttribute("The recommended alternative is to use the Membership APIs, such as Membership.ValidateUser. For more information, see http://go.microsoft.com/fwlink/?LinkId=252463.")]
public static bool Authenticate(
	string name,
	string password
)

Parameters

name: Type: System.String
The user name.

password: Type: System.String
The password for the user.

Return Value

Type: System.Boolean
true if the user name and password are valid; otherwise, false.

Remarks

The Authenticate method verifies user credentials that are stored in the credentials section of the application configuration file. Alternatively, you can use ASP.NET membership to store user credentials and call the ValidateUser to verify the credentials. For more information, see Managing Users by Using Membership.

For improved security, you can encrypt passwords stored in the configuration file for an application by using the HashPasswordForStoringInConfigFile method.

Examples

The following code example shows user credentials stored in the Web.config file for an application. The password values have been hashed using the HashPasswordForStoringInConfigFile method.

</credentials>

</forms>

</authentication>

The following code example shows a login page that uses the Authenticate method to validate user credentials.

Security Note
This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

public void Login_OnClick(object sender, EventArgs args)
{
   if (FormsAuthentication.Authenticate(UsernameTextbox.Text, PasswordTextbox.Text))
      FormsAuthentication.RedirectFromLoginPage(UsernameTextbox.Text, NotPublicCheckBox.Checked);
   else
     Msg.Text = "Login failed. Please check your user name and password and try again.";
}


</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
  <title>Login</title>
</head>
<body>

<form id="form1" runat="server">
  <h3>Login</h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />

  Username: <asp:Textbox id="UsernameTextbox" runat="server" /><br />
  Password: <asp:Textbox id="PasswordTextbox" runat="server" TextMode="Password" /><br />

  <asp:Button id="LoginButton" Text="Login" OnClick="Login_OnClick" runat="server" />
  <asp:CheckBox id="NotPublicCheckBox" runat="server" /> 
  Check here if this is <span style="text-decoration:underline">not</span> a public computer.

</form>

</body>
</html>

Version Information

.NET Framework

Supported in: 4, 3.5, 3.0, 2.0, 1.1, 1.0
Obsolete (compiler warning) in 4.5

Platforms

Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Reference

FormsAuthentication Class

System.Web.Security Namespace

Other Resources

ASP.NET Web Application Security

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)