Forms Authentication Provider

Forms authentication generally refers to a system in which unauthenticated requests are redirected to an HTML form, using HTTP client-side redirection. Forms authentication is a good choice if your application needs to collect its own user credentials at logon time through HTML forms. The user provides credentials and submits the form. If the application authenticates the request, the system issues a cookie that contains the credentials or a key for reacquiring the identity. Subsequent requests are issued with the cookie in the request headers. The requests are authenticated and authorized by an ASP.NET event handler using whatever validation method the application specifies.

Note that forms authentication is often used for personalization, where content is customized for a known user. In some of these cases, identification is the issue rather than authentication, so it is enough merely to store the user name in a durable cookie and use that cookie to access the user's personalization information.

In This Section

• Using the FormsAuthenticationModule Class
  Describes how to use the FormsAuthenticationModule.
• Forms Authentication Control Flow
  Describes the control flow for the FormsAuthenticationModule.
• Forms Authentication Credentials
  Describes how to use Forms authentication credentials.
• Forms Authentication Utilities
  Describes how to use the forms authentication utilities.
• Handling FormsAuthentication Events
  Describes how to handle forms authentication events.
• Forms Authentication Across Applications
  Describes how to configure forms authentication in a distributed environment.

Related Sections

ASP.NET Web Application Security | ASP.NET Authentication