Forms Authentication
Storing Password in web.config file
<authentication mode="Forms">
  <!-- Detailed configuration options -->
  <forms name="MyCookieName"
         loginUrl="DbLogin.aspx"
         timeout="20">
    <credentials passwordFormat="Clear">
      <user name="Admin" password="(Admin1)"/>
      <user name="Mario" password="Szpuszta"/>
      <user name="Matthew" password="MacDonald"/>
    </credentials>
  </forms>
</authentication>
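Login code
protected void LoginAction_Click(object sender, EventArgs e)
{
    // Check the submitted credentials against the <credentials> section of web.config.
    if (FormsAuthentication.Authenticate(UsernameText.Text, PasswordText.Text))
    {
        // Issue a non-persistent authentication cookie and return to the requested page.
        FormsAuthentication.RedirectFromLoginPage(UsernameText.Text, false);
    }
}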
Authenticate Method
• Validates a user name and password against
credentials stored in the configuration file for
an application.
Hashing of Password
• Passwords should not be stored as plain text.
• ASP.NET supports several hashing mechanisms.
– MD5
– SHA1
HashPasswordForStoringInConfigFile Method
• Produces a hashed password suitable for storing
in a configuration file, based on the specified
password and hash algorithm.
• It takes two parameters.
• The first parameter specifies the clear-text
password, and the second one specifies the
hash algorithm you should use.
Example
• string hashedPwd = FormsAuthentication.HashPasswordForStoringInConfigFile(clearTextPassword, "SHA1");
• The result of the method call is the hashed
version of the password. This result needs to
be stored in the web.config file.
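An added example, not from the original slides: it shows that a config-file style hash is a deterministic, unsalted digest, so equal passwords always produce equal stored values, and it goes beyond the slide by contrasting that with a salted, iterated PBKDF2 record. The class and method names are hypothetical, and the hex rendering of the SHA-1 digest is assumed to match what HashPasswordForStoringInConfigFile emits.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class PasswordStorageDemo
{
    // Config-file style hash: unsalted SHA-1 over the UTF-8 password, as hex
    // (assumed equivalent of the "SHA1" format discussed above).
    public static string UnsaltedSha1Hex(string password)
    {
        using (SHA1 sha1 = SHA1.Create())
        {
            byte[] digest = sha1.ComputeHash(Encoding.UTF8.GetBytes(password));
            return BitConverter.ToString(digest).Replace("-", "");
        }
    }

    // Salted, iterated alternative (PBKDF2), stored as iterations:salt:key.
    public static string Pbkdf2Record(string password, int iterations)
    {
        byte[] salt = new byte[16];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);
        }
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations))
        {
            return iterations + ":" + Convert.ToBase64String(salt) + ":" +
                   Convert.ToBase64String(kdf.GetBytes(20));
        }
    }

    // Recomputes the key from the stored salt and compares without early exit.
    public static bool VerifyPbkdf2(string password, string record)
    {
        string[] parts = record.Split(':');
        if (parts.Length != 3) return false;
        int iterations = int.Parse(parts[0]);
        byte[] salt = Convert.FromBase64String(parts[1]);
        byte[] expected = Convert.FromBase64String(parts[2]);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations))
        {
            byte[] actual = kdf.GetBytes(expected.Length);
            int diff = 0;
            for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ actual[i];
            return diff == 0;
        }
    }

    public static void Main()
    {
        const string pw = "Szpuszta"; // sample password taken from the slide's web.config
        // The unsalted hash of one password is always the same string.
        Console.WriteLine(UnsaltedSha1Hex(pw) == UnsaltedSha1Hex(pw));
        // Two salted records for the same password differ, yet both verify.
        string a = Pbkdf2Record(pw, 100000);
        string b = Pbkdf2Record(pw, 100000);
        Console.WriteLine(a != b);
        Console.WriteLine(VerifyPbkdf2(pw, a) && VerifyPbkdf2(pw, b));
        // A wrong password is rejected.
        Console.WriteLine(VerifyPbkdf2("wrong", a));
    }
}
```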
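Store Hashed password in web.config file
// Requires: using System.Configuration; using System.Web.Configuration; using System.Web.Security;
// Hash the password first so the clear text is never written to web.config.
string hashedPwd = FormsAuthentication.HashPasswordForStoringInConfigFile(PasswordText.Text, "SHA1");
// Open the application's root web.config for editing.
Configuration MyConfig = WebConfigurationManager.OpenWebConfiguration("~/");
ConfigurationSectionGroup SystemWeb = MyConfig.SectionGroups["system.web"];
AuthenticationSection AuthSec = (AuthenticationSection)SystemWeb.Sections["authentication"];
// The <credentials> element must declare passwordFormat="SHA1" so that Authenticate compares hashes.
AuthSec.Forms.Credentials.Users.Add(
    new FormsAuthenticationUser(UsernameText.Text, hashedPwd));
MyConfig.Save();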
Cookieless Forms Authentication
• If you don’t want the runtime to use cookies,
you configure this through the cookieless
attribute of the <forms /> tag in the
<authentication /> section
Example
<authentication mode="Forms">
  <!-- Detailed configuration options -->
  <forms name="MyCookieName"
         loginUrl="DbLogin.aspx"
         cookieless="AutoDetect" />
</authentication>
Cookieless Options
Cont
Is web.config a good place to store credentials?
Problems with web.config
• Potential lack of security.
• No support for adding user-specific
information.
• Poor performance with a large number of
users.
Persistent Cookie
• Creating a persistent cookie means that user
information is maintained across browser sessions.
• If the cookie is persistent, the session keeps
running even if the user closes the browser and
reopens it.
• The session is killed only by calling the SignOut
method.
Explicitly killing session
• Persistent cookies are not affected by the
timeout attribute that is set in the <forms>
element of the web.config file.
• If you want the persistent cookie to eventually
expire sometime in the future, you have to
use the GetAuthCookie() method of
FormsAuthentication and set the expiry date and
time.
Example
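The slide's own example is not preserved in this transcript. One way to do what the bullets describe, as an added example rather than the author's code: obtain the cookie with GetAuthCookie(), then give both the cookie and the encrypted ticket inside it the same explicit expiry. The PersistentLogin class, its method names and the lifetime parameter are hypothetical, and cookie-based (not cookieless) mode is assumed.

```csharp
using System;
using System.Web;
using System.Web.Security;

public static class PersistentLogin
{
    // Validates the credentials against web.config and, on success, issues a
    // persistent authentication cookie that expires after `lifetime`.
    public static bool TryLogin(HttpResponse response, string userName,
                                string password, TimeSpan lifetime)
    {
        if (!FormsAuthentication.Authenticate(userName, password))
        {
            return false;
        }
        SignIn(response, userName, lifetime);
        return true;
    }

    public static void SignIn(HttpResponse response, string userName, TimeSpan lifetime)
    {
        // Let the framework build the cookie (name, path and domain come from <forms>).
        HttpCookie cookie = FormsAuthentication.GetAuthCookie(userName, true);

        // The cookie value is an encrypted ticket that carries its own expiration.
        // Rebuild the ticket so the ticket and the cookie expire at the same moment.
        FormsAuthenticationTicket issued = FormsAuthentication.Decrypt(cookie.Value);
        DateTime expires = DateTime.Now.Add(lifetime);
        var ticket = new FormsAuthenticationTicket(
            issued.Version, issued.Name, issued.IssueDate, expires,
            true, issued.UserData, issued.CookiePath);

        cookie.Value = FormsAuthentication.Encrypt(ticket);
        cookie.Expires = expires;   // browser discards the cookie after this time
        cookie.HttpOnly = true;     // keep the ticket out of reach of page script
        response.Cookies.Add(cookie);
    }

    // Ends the session explicitly, before the expiry is reached.
    public static void SignOut()
    {
        FormsAuthentication.SignOut();
    }
}
```

From the login page's click handler, call PersistentLogin.TryLogin(Response, UsernameText.Text, PasswordText.Text, TimeSpan.FromDays(10)) and redirect on success; the ten-day lifetime is a constructed value.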
Thank you
