Forms Authentication
Storing Password in web.config file
<authentication mode="Forms">
  <!-- Detailed configuration options -->
  <forms name="MyCookieName"
         loginUrl="DbLogin.aspx"
         timeout="20">
    <credentials passwordFormat="Clear">
      <user name="Admin" password="(Admin1)"/>
      <user name="Mario" password="Szpuszta"/>
      <user name="Matthew" password="MacDonald"/>
    </credentials>
  </forms>
</authentication>
Login code
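protected void LoginAction_Click(object sender, EventArgs e)
{
    // Check the submitted credentials against the <credentials> section of web.config.
    if (FormsAuthentication.Authenticate(UsernameText.Text, PasswordText.Text))
    {
        // Issue a non-persistent authentication cookie and return to the requested page.
        FormsAuthentication.RedirectFromLoginPage(UsernameText.Text, false);
    }
}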
Authenticate Method
• Validates a user name and password against
credentials stored in the configuration file for
an application.
Hashing of Password
• The password should not be stored as plain text.
• ASP.NET supports several hashing mechanisms:
– MD5
– SHA1
HashPasswordForStoringInConfigFile Method
• Produces a hashed password suitable for storing
in a configuration file, based on the specified
password and hash algorithm.
• It takes two parameters.
• The first parameter specifies the clear-text
password, and the second one specifies the
hash algorithm to use.
Example
• string hashedPwd =
      FormsAuthentication.HashPasswordForStoringInConfigFile(clearTextPassword, "SHA1");
• The result of the method call is the hashed
version of the password. This result needs to
be stored in the web.config file.
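Store Hashed password in web.config file
// Requires: using System.Configuration; using System.Web.Configuration;
//           using System.Web.Security;
// Open the application's root web.config for editing.
Configuration MyConfig = WebConfigurationManager.OpenWebConfiguration("~/");
ConfigurationSectionGroup SystemWeb = MyConfig.SectionGroups["system.web"];
AuthenticationSection AuthSec =
    (AuthenticationSection)SystemWeb.Sections["authentication"];
// Store the hash, not the clear-text password. The <credentials> element
// must then declare passwordFormat="SHA1" so that Authenticate compares hashes.
string hashedPwd = FormsAuthentication.HashPasswordForStoringInConfigFile(
    PasswordText.Text, "SHA1");
AuthSec.Forms.Credentials.Users.Add(
    new FormsAuthenticationUser(UsernameText.Text, hashedPwd));
MyConfig.Save();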
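The hash produced in the steps above is a single unsalted MD5 or SHA1 pass, so identical passwords yield identical entries in web.config. The following added example (not from the original slides; the class and method names, the iteration count and the storage format are assumptions) contrasts that with a salted PBKDF2 hash built from standard .NET cryptography classes:

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example; the class and method names are hypothetical.
static class PasswordHashDemo
{
    // Mirrors HashPasswordForStoringInConfigFile(pwd, "SHA1"): one unsalted
    // SHA-1 pass over the UTF-8 bytes, returned as upper-case hex.
    static string UnsaltedSha1(string password)
    {
        using (SHA1 sha1 = SHA1.Create())
            return BitConverter.ToString(sha1.ComputeHash(Encoding.UTF8.GetBytes(password))).Replace("-", "");
    }
    const int Iterations = 100000; // assumed work factor, tune per server

    // Salted PBKDF2-HMAC-SHA256, stored as "iterations:salt:hash" (Base64).
    // This constructor overload needs .NET Framework 4.7.2 or later.
    static string HashPbkdf2(string password)
    {
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return Iterations + ":" + Convert.ToBase64String(salt) + ":" +
                   Convert.ToBase64String(kdf.GetBytes(32));
    }

    static bool VerifyPbkdf2(string password, string stored)
    {
        string[] p = stored.Split(':');
        if (p.Length != 3) return false;
        byte[] salt = Convert.FromBase64String(p[1]);
        byte[] expected = Convert.FromBase64String(p[2]);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, int.Parse(p[0]), HashAlgorithmName.SHA256))
        {
            byte[] actual = kdf.GetBytes(expected.Length);
            int diff = 0; // touch every byte so timing does not reveal the first mismatch
            for (int i = 0; i < expected.Length; i++) diff |= actual[i] ^ expected[i];
            return diff == 0;
        }
    }
    static void Main()
    {
        // Two accounts choosing the same (constructed) password.
        Console.WriteLine("unsalted equal: " + (UnsaltedSha1("Szpuszta") == UnsaltedSha1("Szpuszta")));
        string a = HashPbkdf2("Szpuszta"), b = HashPbkdf2("Szpuszta");
        Console.WriteLine("salted equal:   " + (a == b));
        Console.WriteLine("verify ok/bad:  " + VerifyPbkdf2("Szpuszta", a) + "/" + VerifyPbkdf2("wrong", a));
    }
}
```

The salted format is not understood by FormsAuthentication.Authenticate, so it applies when credentials are kept in a custom store rather than in the <credentials> section.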
Cookieless Forms Authentication
• If you don’t want the runtime to use cookies,
you configure this through the cookieless
attribute of the <forms /> tag in the
<authentication /> section
Example
<authentication mode="Forms">
  <!-- Detailed configuration options -->
  <forms name="MyCookieName"
         loginUrl="DbLogin.aspx"
         cookieless="AutoDetect" />
</authentication>
Cookieless Options
Cookieless Options (cont.)
Is web.config a good place to store credentials?
Problems with Web.Config
• Potential lack of security.
• No support for adding user-specific
information.
• Poor performance with a large number of
users.
Persistent Cookie
• Creating a persistent cookie means that user
information is maintained across browser sessions.
• If the cookie is persistent, the session keeps
running even when the user closes the browser
and reopens it.
• The session is ended only by calling the
SignOut method.
Explicitly killing session
• Persistent cookies are not affected by the
timeout attribute that is set in the <forms>
element of the web.config file.
• If you want the persistent cookie to eventually
expire at some point in the future, you have to
use the GetAuthCookie() method of
FormsAuthentication and set the expiry date and
time yourself.
Example
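An added example of the approach described above, not taken from the original slides: it obtains the cookie with GetAuthCookie() and sets the same expiry on both the cookie and the encrypted ticket inside it, so the browser and the server agree on when the login ends. The class name, method name and the ten-day lifetime are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example; the class and method names are hypothetical.
public static class PersistentLogin
{
    // Issues a persistent forms-authentication cookie that expires after
    // 'lifetime', both in the browser and inside the encrypted ticket.
    public static void Issue(HttpResponse response, string userName, TimeSpan lifetime)
    {
        DateTime now = DateTime.Now;
        DateTime expires = now.Add(lifetime);

        // Let the runtime build the cookie (name, path and domain come from <forms>).
        HttpCookie cookie = FormsAuthentication.GetAuthCookie(userName, true);

        // Rebuild the ticket with an explicit expiration; the server checks
        // this value, not the cookie's Expires attribute.
        FormsAuthenticationTicket issued = FormsAuthentication.Decrypt(cookie.Value);
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            issued.Version, issued.Name, now, expires,
            true, issued.UserData, issued.CookiePath);

        cookie.Value = FormsAuthentication.Encrypt(ticket);
        cookie.Expires = expires;  // the browser discards the cookie after this time
        cookie.HttpOnly = true;    // keep the cookie out of reach of client script
        cookie.Secure = true;      // assumption: the site is served over HTTPS only
        response.Cookies.Add(cookie);
    }
}

// Usage in the login page's click handler (control names as in the slides):
//   if (FormsAuthentication.Authenticate(UsernameText.Text, PasswordText.Text))
//   {
//       PersistentLogin.Issue(Response, UsernameText.Text, TimeSpan.FromDays(10));
//       Response.Redirect(FormsAuthentication.GetRedirectUrl(UsernameText.Text, true));
//   }
```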
Thank you
