Using Forms Authentication
Forms authentication uses an HTML form–based login interface. The user supplies her credentials, typically a username and password, via the form. The credentials are authenticated against some authority, such as a database or XML file of users. When authenticated, a cookie is issued to the client. On each subsequent request, the cookie is appended to the request header. On each request, the user is authenticated and, if she is authorized for the requested resource, the requested resource is returned to the client. Listing 15.3 shows the security section of the web.config file to enable Forms Authentication.
Listing 15.3. Enabling Forms Authentication
01: <authentication mode="Forms"> 02: <forms name="MyApp" loginUrl="PDDWA/C15/CSharp/login.aspx"> ...