Calling the RedirectFromLoginPage method performs two actions. First, it creates a cookie on the user's browser that contains an Authentication Ticket. After this cookIE is set, the user can Access pages in directorIEs that require Forms authentication.
The RedirectFromLoginPage method also automatically redirects the user back to the page that sent him or her to the Login.ASPx page in the first place by using a browser redirect.
The RedirectFromLoginPage method redirects the user back to the page indicated by the ReturnUrl query string v
ariable. If the user links directly to the Login.ASPx page, the ReturnUrl query string variable doesn't have a value. In that case, the RedirectFromLoginPage redirects the user to the Default.ASPx page.
The authentication section in the Web.Config file can contain an optional forms element, which supports the following attributes:
loginUrl— The page where the user is automatically redirected when authentication is required. By default, users are redirected to the Login.ASPx page in the application root directory. However, you can change this attribute to point to any page that you please.
name— The name of the browser cookie that contains the Authentication Ticket. By default, the cookIE is named .ASPXAUTH. However, if you are configuring multiple applications on the same server, you should provide a unique cookIE name for each application.
timeout— The amount of time in minutes before a cookie expires. By default, this attribute has the value 30 minutes. This attribute does not apply to persistent cookIEs.
path— The path used for the cookIE. By default, this attribute has the value /.
protection— The way the cookIE data is protected. Possible values are All, None, Encryption, and Validation; the default value is All.
5
<configuration>
<system.web>
<authorization>
<allow verbs="POST" users="James,Mark" />
<deny verbs="POST" users="*" />
<allow verbs="GET" users="*" />
</authorization>
</system.web>
</configuration>
6
The identity of a user authenticated with Forms authentication is represented by the FormsIdentity class. You can use the following properties of this class to retrIEve information about an authenticated user:
AuthenticationType— Always returns the value Forms
IsAuthenticated— Indicates whether the user was authenticated
Name— Indicates the name of an authenticated user
Ticket— Specifies the cookIE Authentication Ticket associated with the current user
You can use the IsAuthenticated property to test whether this user has already been authenticated. If a user requests a page from a directory that requires authentication and then requests a page from a directory that does not require authentication, the IsAuthenticated property continues to return the value True.
The Name property returns the name associated with the current user. Again, after a user is authenticated once, the Name property continues to hold the username.
Finally, the Ticket property represents the Authentication Ticket. The FormsAuthenticationTicket class has the following propertIEs:
CookIEPath— The path of the Authentication Ticket cookIE.
Expired— A Boolean value indicating whether the current Authentication Ticket has expired.
IsPersistent— A value that indicates whether the Authentication Ticket is contained in a persistent cookIE.
IssueDate— The date and time the cookIE containing the Authentication Ticket was created.
Name— The username associated with the Authentication Ticket.
UserData— Custom data that you can include in the Authentication Ticket.
Version— An integer representing the version number of the Authentication Ticket. Currently, by default, this property always returns the value 1.
