.NET Framework Class Library
FormsAuthenticationConfiguration Class

Configures an ASP.NET application to use the AuthenticationMode forms modality.

Inheritance Hierarchy

Namespace:   System.Web.Configuration
Assembly:  System.Web (in System.Web.dll)
Public NotInheritable Class FormsAuthenticationConfiguration _
	Inherits [%$TOPIC/2aka8ss9_en-us_VS_110_3_0_0_0_0%]
public sealed class FormsAuthenticationConfiguration : [%$TOPIC/2aka8ss9_en-us_VS_110_3_0_1_0_0%]
public ref class FormsAuthenticationConfiguration sealed : public [%$TOPIC/2aka8ss9_en-us_VS_110_3_0_2_0_0%]
type FormsAuthenticationConfiguration =  
        inherit [%$TOPIC/2aka8ss9_en-us_VS_110_3_0_3_0_1%] 
public final class FormsAuthenticationConfiguration extends [%$TOPIC/2aka8ss9_en-us_VS_110_3_0_4_0_0%]

The FormsAuthenticationConfiguration type exposes the following members.

Public method FormsAuthenticationConfigurationInfrastructure. Initializes a new instance of the FormsAuthenticationConfiguration class.
Public property CookielessGets or sets a value indicating whether forms-based authentication should use cookies.
Public property CredentialsGets the FormsAuthenticationCredentials collection of user names and passwords.
Public property CurrentConfigurationGets a reference to the top-level Configuration instance that represents the configuration hierarchy that the current ConfigurationElement instance belongs to. (Inherited from ConfigurationElement.)
Public property DefaultUrlGets or sets the default URL.
Public property DomainGets or sets the domain name to be sent with forms authentication cookies.
Public property ElementInformationGets an ElementInformation object that contains the non-customizable information and functionality of the ConfigurationElement object. (Inherited from ConfigurationElement.)
Protected property ElementPropertyGets the ConfigurationElementProperty object that represents the ConfigurationElement object itself. (Inherited from ConfigurationElement.)
Public property EnableCrossAppRedirectsGets or sets a value indicating whether authenticated users can be redirected to URLS in other applications.
Protected property ItemConfigurationPropertyGets or sets a property or attribute of this configuration element. (Inherited from ConfigurationElement.)
Protected property ItemStringGets or sets a property, attribute, or child element of this configuration element. (Inherited from ConfigurationElement.)
Public property LockAllAttributesExceptGets the collection of locked attributes. (Inherited from ConfigurationElement.)
Public property LockAllElementsExceptGets the collection of locked elements. (Inherited from ConfigurationElement.)
Public property LockAttributesGets the collection of locked attributes (Inherited from ConfigurationElement.)
Public property LockElementsGets the collection of locked elements. (Inherited from ConfigurationElement.)
Public property LockItemGets or sets a value indicating whether the element is locked. (Inherited from ConfigurationElement.)
Public property LoginUrlGets or sets the redirection URL for the request.
Public property NameGets or sets the cookie name.
Public property PathGets or sets the cookie path.
Protected property PropertiesGets the collection of properties. (Inherited from ConfigurationElement.)
Public property ProtectionGets or sets the encryption type used to encrypt the cookie.
Public property RequireSSLGets or sets a value indicating whether a Secure Sockets Layer (SSL) connection is required when transmitting authentication information.
Public property SlidingExpirationGets or sets the authentication sliding expiration.
Public property TicketCompatibilityModeGets or sets a value that indicates whether to use Coordinated Universal Time (UTC) or local time for the ticket expiration date.
Public property TimeoutGets or sets the authentication time-out.
Protected method DeserializeElementReads XML from the configuration file. (Inherited from ConfigurationElement.)
Public method EqualsCompares the current ConfigurationElement instance to the specified object. (Inherited from ConfigurationElement.)
Public method GetHashCodeGets a unique value representing the current ConfigurationElement instance. (Inherited from ConfigurationElement.)
Public method GetTypeGets the Type of the current instance. (Inherited from Object.)
Protected method InitSets the ConfigurationElement object to its initial state. (Inherited from ConfigurationElement.)
Protected method InitializeDefaultUsed to initialize a default set of values for the ConfigurationElement object. (Inherited from ConfigurationElement.)
Protected method IsModifiedIndicates whether this configuration element has been modified since it was last saved or loaded, when implemented in a derived class. (Inherited from ConfigurationElement.)
Public method IsReadOnlyGets a value indicating whether the ConfigurationElement object is read-only. (Inherited from ConfigurationElement.)
Protected method ResetResets the internal state of the ConfigurationElement object, including the locks and the properties collections. (Inherited from ConfigurationElement.)
Protected method ResetModifiedResets the value of the IsModified method to false when implemented in a derived class. (Inherited from ConfigurationElement.)
Protected method SerializeElementWrites the contents of this configuration element to the configuration file when implemented in a derived class. (Inherited from ConfigurationElement.)
Protected method SerializeToXmlElementWrites the outer tags of this configuration element to the configuration file when implemented in a derived class. (Inherited from ConfigurationElement.)
Protected method SetReadOnlySets the IsReadOnly property for the ConfigurationElement object and all subelements. (Inherited from ConfigurationElement.)
Public method ToStringReturns a string that represents the current object. (Inherited from Object.)
Protected method UnmergeModifies the ConfigurationElement object to remove all values that should not be saved. (Inherited from ConfigurationElement.)

The FormsAuthenticationConfiguration class provides a way to programmatically access and modify the forms element of a configuration authentication section.

This type is part of a group that includes the FormsAuthenticationCredentials,the FormsAuthenticationUserCollection, and the FormsAuthenticationUser types. The types other than the collection type directly affect the underlying configuration tags.


The FormsAuthenticationConfiguration can write information into the related section of the configuration file according to the restrictions defined by the section property AllowDefinition whose value is MachineToApplication. Any attempt to write in a configuration file at a level not allowed in the hierarchy will result in an error message generated by the parser. However, you can use this class to read configuration information at any level in the hierarchy. For safety and scalability, it is recommended that you use an external repository, such as a database, to keep the users' credentials.


The following code example shows how to obtain the FormsAuthenticationConfiguration object from the configuration file of an existing Web application. You can use this object to access its members. The configuration file will contain a setup similar to the following.

Note   If you use the credentials section, be sure to follow the guidelines explained at ASP.NET Authentication. For scalability and better security, it is recommended that you use an external database to store the users' credentials. For more information about building secure ASP.NET applications search the Microsoft MSDN Web site (msdn.microsoft.com) for "Securing Your ASP.NET Application" and "Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication."

<authentication mode="Forms">
  <forms name="MyAppCookie" loginUrl="login.aspx"
    protection="Encryption" timeout="5" path="aspnetTest"
    cookieless="UseCookies" domain="domainName">
    <credentials passwordFormat="SHA1">
      <user name="aspnetuser1"
       <user name="aspnetuser2"
' Get the Web application configuration. 
  Dim configuration As System.Configuration.Configuration = _
  WebConfigurationManager.OpenWebConfiguration( _

' Get the external Authentication section. 
  Dim authenticationSection _
  As AuthenticationSection = _
  CType(configuration.GetSection( _
  "system.web/authentication"), AuthenticationSection)

' Get the external Forms section . 
  Dim formsAuthentication _
  As FormsAuthenticationConfiguration = _
// Get the Web application configuration.
            System.Configuration.Configuration configuration = 

            // Get the external Authentication section.
            AuthenticationSection authenticationSection = 

            // Get the external Forms section .
            FormsAuthenticationConfiguration formsAuthentication =
Version Information

.NET Framework

Supported in: 4.6, 4.5, 4, 3.5, 3.0, 2.0
Thread Safety
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.