Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Authenticate Method

FormsAuthentication::Authenticate Method

Note: This API is now obsolete.

Validates a user name and password against credentials stored in the configuration file for an application.

Namespace:  System.Web.Security
Assembly:  System.Web (in System.Web.dll)

[ObsoleteAttribute(L"The recommended alternative is to use the Membership APIs, such as Membership.ValidateUser. For more information, see http://go.microsoft.com/fwlink/?LinkId=252463.")]
public:
static bool Authenticate(
	String^ name, 
	String^ password
)

Parameters

name
Type: System::String

The user name.

password
Type: System::String

The password for the user.

Return Value

Type: System::Boolean
true if the user name and password are valid; otherwise, false.

The Authenticate method verifies user credentials that are stored in the credentials section of the application configuration file. Alternatively, you can use ASP.NET membership to store user credentials and call the ValidateUser to verify the credentials. For more information, see Managing Users by Using Membership.

For improved security, you can encrypt passwords stored in the configuration file for an application by using the HashPasswordForStoringInConfigFile method.

The following code example shows user credentials stored in the Web.config file for an application. The password values have been hashed using the HashPasswordForStoringInConfigFile method.

<authentication mode="Forms">

<forms loginUrl="login.aspx">

<credentials passwordFormat="SHA1">

<user name="user1" password="27CE4CA7FBF00685AF2F617E3F5BBCAFF7B7403C" />

<user name="user2" password="D108F80936F78DFDD333141EBC985B0233A30C7A" />

<user name="user3" password="7BDB09781A3F23885CD43177C0508B375CB1B7E9"/>

</credentials>

</forms>

</authentication>

The following code example shows a login page that uses the Authenticate method to validate user credentials.

Security noteSecurity Note

This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.

No code example is currently available or this language may not be supported.

.NET Framework

Supported in: 4, 3.5, 3.0, 2.0, 1.1
Obsolete (compiler warning) in 4.6
Obsolete (compiler warning) in 4.6
Obsolete (compiler warning) in 4.5
Obsolete (compiler warning) in 4.5.1
Obsolete (compiler warning) in 4.5.2
Show:
© 2015 Microsoft