Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
FormsAuthenticationModule Class
Collapse the table of content
Expand the table of content

FormsAuthenticationModule Class

Sets the identity of the user for an ASP.NET application when forms authentication is enabled. This class cannot be inherited.

System.Object
  System.Web.Security.FormsAuthenticationModule

Namespace:  System.Web.Security
Assembly:  System.Web (in System.Web.dll)

public sealed class FormsAuthenticationModule : IHttpModule

The FormsAuthenticationModule type exposes the following members.

  NameDescription
Public methodFormsAuthenticationModuleInitializes a new instance of the FormsAuthenticationModule class.
Top

  NameDescription
Public methodDisposeReleases all resources, other than memory, used by the FormsAuthenticationModule.
Public methodEquals(Object)Determines whether the specified object is equal to the current object. (Inherited from Object.)
Public methodGetHashCodeServes as the default hash function. (Inherited from Object.)
Public methodGetTypeGets the Type of the current instance. (Inherited from Object.)
Public methodInitInitializes the FormsAuthenticationModule object.
Public methodToStringReturns a string that represents the current object. (Inherited from Object.)
Top

  NameDescription
Public eventAuthenticateOccurs when the application authenticates the current request.
Top

The FormsAuthenticationModule sets the current HttpContext.User property to an IPrincipal object that represents the user identity for the current request when the authentication Mode is set to Forms in the authentication Element (ASP.NET Settings Schema) element of the application's configuration file.

The FormsAuthenticationModule exposes an Authenticate event that enables you to provide a custom IPrincipal object for the User property of the current HttpContext. The Authenticate event is accessed by specifying a subroutine named FormsAuthentication_OnAuthenticate in the Global.asax file for your ASP.NET application.

NoteNote

In IIS 7.0, using the WindowsAuthenticationModule with the FormsAuthenticationModule is not supported. For more information about compatibility issues in Integrated modes, see Moving an ASP.NET Application from IIS 6.0 to IIS 7.0.

The following example uses the FormsAuthentication_OnAuthenticate event to set the User property of the current HttpContext to a custom IPrincipal object.

public void FormsAuthentication_OnAuthenticate(object sender, FormsAuthenticationEventArgs args)
{
  if (FormsAuthentication.CookiesSupported)
  {
    if (Request.Cookies[FormsAuthentication.FormsCookieName] != null)
    {
      try
      {
        FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(
          Request.Cookies[FormsAuthentication.FormsCookieName].Value);

        args.User = new System.Security.Principal.GenericPrincipal(
          new Samples.AspNet.Security.MyFormsIdentity(ticket),
          new string[0]);
      }
      catch (Exception e)
      {
        // Decrypt method failed.
      }
    }
  }
  else
  {
    throw new HttpException("Cookieless Forms Authentication is not " +
                            "supported for this application.");
  }
}

.NET Framework

Supported in: 4.6, 4.5, 4, 3.5, 3.0, 2.0, 1.1

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Show:
© 2015 Microsoft