Again I come back with an old issue : Forms authentication.
Now in a Matthew MacDonald and Mario Szpuszta book I found a very nice diagram which beautifully explains how forms authentication is activated.
First the diagram:
Next the good reasons. As they described,
• You have full control over the authentication code.
• You have full control over the appearance of the login form.
• It works with any browser.
• It allows you to decide how to store user information.
Now the steps how you’ll proceed
1. Configure forms authentication in the web.config file.
2. Configure IIS to allow anonymous access to the virtual directory, and configure ASP.NET to
restrict anonymous access to the web application.
3. Create a custom login page that collects and validates a user name and password and then
interacts with the forms authentication infrastructure for creating the ticket.
Here I’d like to add one thing, if are not keen on configuring IIS it’s no problem. ASP.NET, itself will tackle the issue fantastically. So first of all you need to add this code to web.config,
This is the most basic part. After this step, you can create your own provider class in web.config, you can add profile to keep tracks of the users etc. But that is entirely other aspects.