Y'all can configure forms authentication in your spider web.config file. Every web.config file includes the <authentication /> configuration section and you accept to configure this section with the values Forms:

Best VPN for Developers

<authentication mode="Forms">

<!– Detailed configuration options –>

</authentication>

The <authentication /> configuration is limited to the superlative-level web.config file of your application. If the way attribute is prepare to Forms, ASP.Net loads and activates the FormsAuthenticationModule, which does most of the work for you. The previous configuration uses default settings for forms hallmark that are hard-coded into the ASP.NET runtime. You lot tin can override any default settings by adding settings to the <organization.web> section of the machine.config file. You lot tin can override these default settings in your awarding past specifying additional settings in the <forms /> kid tag of this department. The following code snippet shows the consummate set of options for the forms tag:

<authentication mode="Forms">

<!– Detailed configuration options –>

<forms name="MyCookieName"

loginUrl="DbLogin.aspx"

timeout="twenty″

slidingExpiration="true"

cookieless="AutoDetect"

protection="All"

requireSSL="imitation"

enableCrossAppRedirects="fake"

defaultUrl="MyDefault.aspx"

domain="www.mydomain.com"

path="/" />

</authentication>

The properties are listed in the order you lot tin can employ them in most cases. The adjacent table describes the details of these backdrop and their default configuration.

Option Default

Description

name .ASPXAUTH

The name of the HTTP cookie to use for authentication. If multiple applications are running on the aforementioned web server, you lot should give each application's security cookie a unique name.
loginUrl login.aspx

Defines which page the user should be redirected to in society to log into the application. This could be a page in the root folder of the application, or it could exist in a subdirectory.
timeout xxx

The number of minutes before the authentication cookie expires. ASP.Internet volition refresh the cookie when information technology receives a asking, as long as half of the cookie's lifetime has expired. The expiry of cookies is a pregnant business organisation. If cookies expire too often, users volition have to log in often, and the usability of your application may suffer. If they expire also seldom, you run a greater risk of cookies being stolen and misused.
slidingExpiration true

This attribute enables or disables sliding expiration of the authentication cookie. If enabled, the expiration of an hallmark cookie will be reset by the runtime with every request a user submits to the page. This means with every request the expiration of the cookie will be extended.
cookieless UseDeviceProfile

Allows you to specify whether the runtime uses cookies for sending the forms authentication ticket to the client. Possible options are AutoDetect, UseCookies, UseUri, and UseDeviceProfile.
protection All

Allows yous to specify the level of protection for the authentication cookie. The option All encrypts and signs the authentication cookie. Other possible options are None, Encryption (encrypts simply), and Validation (signs just).
requireSSL false

If set to true, this property has the effect that the browser but doesn't transmit the cookie if SSL is not enabled on the web server. Therefore, forms authentication will not work in this case if SSL is not activated on the web server.
enableCrossAppRedirects false

Enables cross-application redirects when using forms authentication for different applications on your server. Of course, this makes sense just if both applications rely on the same credential store and utilize the same gear up of users and roles.
defaultUrl default.apsx

If the FormsAuthenticationModule redirects a request from the user to the login folio, it includes the originally requested folio when calling the login page. Therefore, when returning from the login page, the module can use this URL for a redirect after the credentials take been validated successfully. Simply what if the user browses to the login folio directly? This selection specifies the folio to redirect to if the user accesses the login page directly past typing its URL into the address bar of the browser.
domain <empty string>

Specifies the domain for which this cookie is valid. Overriding this property is useful if y'all want to enable the cookie to exist used for more applications on your web server.
path /

The path for cookies issued by the application. The default value (/) is recommended, because case mismatches can forbid the cookie from being sent with a request.