Now that your application knows that you are using forms-based security, you need to start configuring the application to handle authentication the way you want.
One thing I must mention now is that the techniques discussed in this chapter require that the client’s machine be running a cookie-capable and -enabled browser. If this is in question, you need to fabricate an alternate method for authentication. Cookies are required for ASP.NET form-based authentication.
The next thing I want to address is the next tag in the Web.Config file. This is called the <forms> tag and is to be located inside the <authentication> tag. It has four attributes that I’ll cover: name, loginURL, protection, and timeout.