Appendix . How To: Create GenericPrincipal Objects with Forms Authentication

Applications that use Forms authentication often use the GenericPrincipal class (in conjunction with the FormsIdentity class) to create an authorization scheme that is not Windows-specific and does not depend on a Windows domain.

For example, an application may:

  • Use Forms authentication to obtain user credentials (user name and password).

  • Validate the supplied credentials against a data store; for example, a database or Microsoft® Active Directory® directory service.

  • Create GenericPrincipal and FormsIdentity objects based on values retrieved from the data store. These may include a user’s role membership details.

  • Use these objects to make authorization decisions.

This How To ...
