Skip Navigation Links


Forms Base Authentication

Attributes to set Forms Base Authentication
Forms-Based Authentication On default ASP.Net application if you do not specify timeout it is set to 30 minutes. Well it seems to short for me so I want to make it longer. If you already have added ASP.Net Membership and Role Management Service then added following on your web.config, here is note to better understand attributes of

name

This name is assigned to the cookie saved in order to remember the user from requested. The default value is .ASPXAUTH

loginUrl

Specifies the URL to which the request is redirected for login if no valid authentication cookie is found. The default value is Login.aspx

protection

Specifies the amount of protection you want to apply to the authentication cookie. The four available settings are; All: The application uses both data validation and encryption to protect the cookie. This is the default setting. None: Applies no encryption to the cookie Encryption: The cookie is encrypted but data validation is not performed on it. Cookies used in this manner might be subjected to plain text attacks. Validation: The opposite of the Encryption setting. Data validation is performed, but the cookie is not encrypted.

path

Specifies the path for cookies issued by the application. In most cases you want to use /, which is the default setting.

timeout

Specifies the amount of time, in minutes, after which the cookie expires. The default value is 30

cookieless

Specifies whether the forms-based authentication process should use cookies when working with the authentication/authorization process.

defaultUrl

Specifies the default URL.

domain

Specifies the domain name to be sent with forms authentication cookies.

slidingExpiration

Specifies whether to apply a sliding expiration to the cookie, If set to True, the expiration of the cookie is reset with each request made to the server. The default value is False.

enableCrossAppRedirect

Specifies whether to allow for cross-application redirection.

requireSSL

Specifies whether a Secure Sockets Layer(SSL) connection is required when transmitting authentication information.

All this ll come in usable when we are building web application that requires user authentications. 

<authentication mode="Forms">
  <forms loginUrl="pgeLogin001.aspx" timeout="1440" cookieless="AutoDetect" requireSSL="false" path="/"/>
</authentication>
Tag: Security Authentication
By: syantien | 12/30/2009 8:07:44 PM / 12/30/2009 8:13:30 PM

Comment

gregory

From: gregory
jYVLwz http://jf4Gqm84hEQsl0dy2Pu3b.org
Updated: 3/4/2010 5:17:05 PM

Comment

Name
 

Title

Email

Comment
 

Your IP Address is: 38.107.191.82

* to keep comments safe and clean, we display and keep your ip address.