Form Authentication in Asp.Net 3.5 Example - C#


Form Authentication in Asp.Net 3.5 Example - C# Custom Authentication

Application security is the use of software, hardware, and procedural methods to protect applications from external threats. There are following security features available in asp .net:

ASP.Net Authentication
Authentication is the process of identifying an individual, usually based on a username and password and verifying that user is allowed to access some restricted services or web form like Login page example. http Authentication is essential to effective security.

So authentication is the process of ensuring the user's identity and authenticity. ASP .Net allows four types of authentication system:-
  • Windows Authentication 
  • Forms Authentication
  • Passport Authentication
  • Custom Authentication
ASP.Net Authorization
Authorization is the process of defining and allotting specific roles to specific users.
  • Confidentiality :- It involves encrypting the channel between the client's browser and the web server.
  • Integrity :- It involves maintaining the integrity of data. For example, implementing digital signature.

    Web Forms Authentication : Login Example

    In this article demonstrates how to implement forms-based authentication by using a user name and password web form validation. Form based authentication uses an authentication ticket that is created when a user logs on to a site, and then it tracks the user throughout the site.
    form based authentication,form based authentication example,http authentication, web form validation, asp login page example,c# code examples user authentication
    The forms authentication ticket is usually contained inside a cookie. Forms authentication processing is handled by the FormsAuthenticationModule class, which is an HTTP module that participates in the regular ASP.NET page-processing cycle. Find the below c# code snippet :-

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="login.aspx.cs" Inherits="login" %>
    <!DOCTYPE html>
    <html xmlns="">
    <head runat="server">
        <title>ASP.Net Custom Authentication Forms Based Security</title>
        <link href="css/structure.css" rel="stylesheet" />
        <script type="text/javascript">
            function pageValid(e) {
                var obj = document.getElementById('txtUserName');
                if (obj.value == '') {
                    alert('Please enter username.');
                    window.event ? event.returnValue = false : e.preventDefault();
                obj = document.getElementById('txtPassword');
                if (obj.value == '') {
                    alert('Please enter password.');
                    window.event ? event.returnValue = false : e.preventDefault();
        <form id="form1" runat="server" class="box login" defaultbutton="btnGo">
            <div class="boxBody">
                <div class="login_area">

                        <asp:TextBox ID="txtUserName" runat="server" CssClass="username" MaxLength="20"></asp:TextBox>
                        <asp:TextBox ID="txtPassword" runat="server" CssClass="password" TextMode="Password" MaxLength="15"></asp:TextBox>
                    <div class="go_botton" id="dvBtn">
                        <asp:Button ID="btnGo" Text="Login" class="btnLogin" onmousedown="mousedwnevt();" onmouseup="mouseupevt();" runat="server" OnClientClick="pageValid(event);" OnClick="btnLogin_Click" />



    protected void btnLogin_Click(object sender, EventArgs e)
            string userName = txtUserName.Text.Trim();
            string password = txtPassword.Text.Trim();

            string clientIP = Request.UserHostAddress;
            DateTime loginDate = DateTime.Now;

            string userAgent = Request.Browser.Browser + "-" + Request.Browser.Version;
                UserDetails objUser = UserManagement.getUserDetails(userName);

                if (objUser == null)
                    ShowAlert("User does not have right to use application");

                if (!objUser.IsActive)
                    ShowAlert("This user is currently deactivated. Please contact system administrator");

                if (password.Trim() == objUser.UserPassword)
                    UserManagement.InsertUserLogin(objUser.UserId, loginDate, clientIP, Session.SessionID);

                    objUser.UserHost = clientIP;
                    objUser.UserBrowser = userAgent;

                    Session["UserDetails"] = objUser;

                    FormsAuthentication.SetAuthCookie(txtUserName.Text, false);

                    if (objUser.PreviligeId == 0)
                        ShowAlert("No rights to login into application");
                        Response.Redirect("main.aspx", false);

                    ShowAlert("Please enter valid username or password");
            catch (Exception exp)
                ShowAlert("An application error occured during user login.");

        public void ShowAlert(string alertMsg)
            ScriptManager.RegisterStartupScript(this, this.GetType(), "msg", "alert('" + alertMsg.Replace(",", "") + "');", true);



    <authentication mode="Forms">
          <forms name="_browserData" loginUrl="login.aspx" timeout="30">
            <!--<credentials passwordFormat="Clear">
          <deny users="?" />

        </authorization> authentication and authorization, net forms, aspnet form, formauthentication, authentication demo

    I hope you will enjoy the development tip while implementing custom forms authentication. I would like to have feedback from my blog readers. Your valuable feedback, question, or comments about this article are always welcome. Also If you like this article, don't forget to share this article with your friends and colleagues.
    Form Authentication in Asp.Net 3.5 Example - C# Reviewed by Ravi Kumar on 6:47 PM Rating: 5

    No comments:

    All Rights Reserved by Etechpulse © 2012 - 2017

    Contact Form


    Email *

    Message *

    Powered by Blogger.