Forms Authentication
Storing Password in web.config file
<authentication mode="Forms">
  <!-- Detailed configuration options -->
  <forms name="MyCookieName"
         loginUrl="DbLogin.aspx"
         timeout="20">
    <credentials passwordFormat="Clear">
      <user name="Admin" password="(Admin1)"/>
      <user name="Mario" password="Szpuszta"/>
      <user name="Matthew" password="MacDonald"/>
    </credentials>
  </forms>
</authentication>
Login code
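protected void LoginAction_Click(object sender, EventArgs e)
{
    // Check the submitted credentials against the <credentials> section of web.config
    if (FormsAuthentication.Authenticate(UsernameText.Text, PasswordText.Text))
    {
        // Issue a non-persistent authentication cookie and return to the requested page
        FormsAuthentication.RedirectFromLoginPage(UsernameText.Text, false);
    }
}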
Authenticate Method
• Validates a user name and password against
credentials stored in the configuration file for
an application.
Hashing of Password
• Passwords should not be stored as plain text.
• ASP.NET supports several hashing mechanisms:
– MD5
– SHA1
HashPasswordForStoringInConfigFile Method
• Produces a hash password suitable for storing
in a configuration file based on the specified
password and hash algorithm.
• It takes two parameters.
• The first parameter specifies the clear-text
password, and the second one specifies the
hash algorithm you should use.
Example
• string hashedPwd = FormsAuthentication.HashPasswordForStoringInConfigFile(clearTextPassword, "SHA1");
• The result of the method call is the hashed version of the password. This result needs to be stored in the web.config file.
Store Hashed password in web.config file
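// Requires: using System.Configuration; using System.Web.Configuration; using System.Web.Security;
// Open the application's web.config for editing
Configuration MyConfig = WebConfigurationManager.OpenWebConfiguration("~/");
ConfigurationSectionGroup SystemWeb = MyConfig.SectionGroups["system.web"];
AuthenticationSection AuthSec =
    (AuthenticationSection)SystemWeb.Sections["authentication"];
// Hash the password first so the clear text is never written to the file
string hashedPwd = FormsAuthentication.HashPasswordForStoringInConfigFile(
    PasswordText.Text, "SHA1");
// Authenticate() only matches stored hashes when passwordFormat names the same algorithm
AuthSec.Forms.Credentials.PasswordFormat = FormsAuthPasswordFormat.SHA1;
AuthSec.Forms.Credentials.Users.Add(
    new FormsAuthenticationUser(UsernameText.Text, hashedPwd));
MyConfig.Save();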
Cookieless Forms Authentication
• If you don’t want the runtime to use cookies, you configure this through the cookieless attribute of the <forms /> tag in the <authentication /> section.
Example
<authentication mode="Forms">
  <!-- Detailed configuration options -->
  <forms name="MyCookieName"
         loginUrl="DbLogin.aspx"
         cookieless="AutoDetect" />
</authentication>
Cookieless Options
Cont
Is web.config a good place to store credentials?
Problems with Web.Config
• Potential lack of security.
• No support for adding user-specific
information.
• Poor performance with a large number of
users.
Persistent Cookie
• Creating a persistent cookie means that user information is maintained across browser sessions.
• If the cookie is persistent, then even if the user closes the browser and reopens it, the session is still running.
• The session is killed only by calling the SignOut method.
Explicitly killing session
• Persistent cookies are not affected by the
timeout attribute that is set in the <forms>
element of the web.config file.
• If you want the persistent cookie to eventually expire sometime in the future, you have to use the GetAuthCookie() method of FormsAuthentication and set the expiry date and time.
Example
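An added example, not code from the original slides, of the approach described above: it obtains the cookie with GetAuthCookie(), re-issues the ticket inside it with an explicit expiration, and sets the same expiry on the cookie. The 10-day lifetime, the DbLogin class name and the UsernameText/PasswordText controls (reused from the login code earlier) are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Code-behind for the login page. UsernameText and PasswordText are the
// TextBox controls declared in the .aspx markup (assumed, as in the login code).
public partial class DbLogin : Page
{
    // Assumed lifetime for the persistent cookie; pick one that fits your policy.
    private static readonly TimeSpan PersistentLifetime = TimeSpan.FromDays(10);

    protected void LoginAction_Click(object sender, EventArgs e)
    {
        if (!FormsAuthentication.Authenticate(UsernameText.Text, PasswordText.Text))
        {
            return; // invalid credentials: stay on the login page
        }

        DateTime expires = DateTime.Now.Add(PersistentLifetime);

        // Build the persistent cookie without adding it to the response yet.
        HttpCookie authCookie = FormsAuthentication.GetAuthCookie(UsernameText.Text, true);

        // The cookie value is an encrypted ticket that carries its own expiration,
        // so re-issue the ticket with the same explicit expiry as the cookie.
        FormsAuthenticationTicket issued = FormsAuthentication.Decrypt(authCookie.Value);
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            issued.Version, issued.Name, issued.IssueDate, expires,
            true, issued.UserData, issued.CookiePath);

        authCookie.Value = FormsAuthentication.Encrypt(ticket);
        authCookie.Expires = expires;   // browser discards the cookie after this time
        authCookie.HttpOnly = true;     // keep the ticket away from client-side script
        authCookie.Secure = FormsAuthentication.RequireSSL; // follow the requireSSL setting

        Response.Cookies.Add(authCookie);
        Response.Redirect(FormsAuthentication.GetRedirectUrl(UsernameText.Text, true));
    }
}
```

Setting only the cookie's Expires property controls how long the browser keeps it; the server checks the expiration stored in the ticket, which is why both are set to the same value here.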
Thank you
