Assembly: System.Web (in system.web.dll)
The FormsAuthenticationConfiguration class provides a way to programmatically access and modify the forms element of a configuration authentication section.
This type is part of a group that includes the FormsAuthenticationCredentials,the FormsAuthenticationUserCollection, and the FormsAuthenticationUser types. The types other than the collection type directly affect the underlying configuration tags.
The FormsAuthenticationConfiguration can write information into the related section of the configuration file according to the restrictions defined by the section property AllowDefinition whose value is MachineToApplication. Any attempt to write in a configuration file at a level not allowed in the hierarchy will result in an error message generated by the parser. However, you can use this class to read configuration information at any level in the hierarchy. For safety and scalability, it is recommended that you use an external repository, such as a database, to keep the users' credentials.
The following code example shows how to obtain the FormsAuthenticationConfiguration object from the configuration file of an existing Web application. You can use this object to access its members. The configuration file will contain a setup similar to the following.
Note If you use the credentials section, be sure to follow the guidelines explained at ASP.NET Authentication. For scalability and better security, it is recommended that you use an external database to store the users' credentials. For more information about building secure ASP.NET applications search the Microsoft MSDN Web site (msdn.microsoft.com) for "Securing Your ASP.NET Application" and "Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication."
<authentication mode="Forms"> <forms name="MyAppCookie" loginUrl="login.aspx" defaultUrl="default.aspx" protection="Encryption" timeout="5" path="aspnetTest" slidingExpiration="false" cookieless="UseCookies" domain="domainName"> <credentials passwordFormat="SHA1"> <user name="aspnetuser1" password="5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8"/> <user name="aspnetuser2" password="E38AD214943DAAD1D64C102FAEC29DE4AFE9DA3D"/> </credentials> </forms> </authentication>
// Get the Web application configuration. System.Configuration.Configuration configuration = WebConfigurationManager.OpenWebConfiguration("/aspnetTest"); // Get the external Authentication section. AuthenticationSection authenticationSection = (AuthenticationSection)configuration.GetSection( "system.web/authentication"); // Get the external Forms section . FormsAuthenticationConfiguration formsAuthentication = authenticationSection.Forms;
Other Resourcesauthentication Element (ASP.NET Settings Schema)
forms Element for authentication (ASP.NET Settings Schema)
credentials Element for forms for authentication (ASP.NET Settings Schema)
Forms Authentication Provider
Forms Authentication Across Applications