ASP.Net user authentication by using user name and password - Forms Authentication

What is Forms Authentication is ASP.Net?

If you needs to validate your own users authentication by providing user name and password, you have to establish a security settings on asp.net forms or each page request. To implement this mechanism ASP.Net provides an infrastructure is called  Forms authentication. The main advantage of Forms Authentication is, the basic user information, such as user name and password is stored in an encrypted authentication cookie (ticket). Forms Authentication is a token or ticket based system. When user log in, the basic user information should store on the token. So you can control the anonymous user access by implementing the token system.

How Forms Authentication works? 

When a user request an ASP.Net page, then ASP.Net run time verifies whether the forms authentication token is available, if not available, ASP.Net automatically redirect the user to a login page. If authentication token (cookie) is available, ASP.Net login page validate the user credentials and if the user successfully validate then redirect the user to the requested page.

Here you could find an example, how to implement a simple form based authentication.

How to exclude a page from Forms Authentication?

To exclude a page from forms authentication, you can use the <location> tag in web.config file. For example, (Please click on image to enlarge)

Here, registration.aspx page would be excluded from forms authentication. If you want to exclude a group of pages from forms authentication, you can add a folder name instead of a page name in the location path tag.

What is State Management in Asp.Net?

Importance of State Management

Effective state management will provide users a seamless experience on your web site. For example, if your website maintaining multiple user roles, such as admin, manager, employee. When a user login as employee, the website have to maintain that role till the user sign out from the site. If your website not maintaining the state or data, the user may be need to provide his login credentials for each page request. Hence, good state management will provide richness on you website. ASP.Net providing various techniques to manage state information.

How Asp.net manages user's state?

ASP.NET provides multiple ways to manage user's state in your applications. Either you can manage client-side or server-side. In client-side state management the data stores on the client's side computer by browser cookie or the browser's cache. ASP.Net have various techniques for storing state information or data on client side, these includes, View State, Cookies, Query String, Hidden Fields and Control State. In server-side state management the user's information stored on server's memory or a database. ASP.Net Provides three techniques to store state data on the server, these are Application State, Session State and Profile Properties. These techniques help you to share state information between pages without sending data to the client.

Hope you understand the importance of state management and how ASP.Net manages user's state. I will give you more details about each state management techniques in feature blogs.

What is Post Back in ASP.Net?

PostBack, is a common method of sending data back to the web server as part of your request from a web client application (browser). For example, while you click on a button, the button control will initiate a PostBack event. Then, the state (data) of this button control and all other controls on the page will send back (posted back) to the web server through a GET or POST HTTP request. If the page is loading first time the PostBack event will not occur, meantime the value of IsPostBack property would be false. If the page is being loaded in response to a client postback, then the value of IsPostBack property would be true. While PostBack event triggers, the page control's properties will load from ViewState. 

User could verify that if the PostBack event will fire or not by validating the IsPostBack property on the page's Page_Load function. For example,

private void Page_Load()
{
    if (!IsPostBack)
    {
        // Validate initially to force asterisks
        // to appear before the first roundtrip.
        Validate();
    }
}

You could use "AutoPostBack" property to configure some web server controls PostBack events. The AutoPostBack property for a control is used to change whether that control’s default event causes an automatic PostBack to the server. 

For more details about Request and Response, click onWhat is a Request and Response?

What is Common Language Runtime (CLR)?

CLR is Common Language Runtime and it forms the heart of the .NET framework. The responsibility of CLR is to take care of the code execution of the program. The responsibilities of CLR are,

Code Access Security

CAS grants rights to program depending on the security configuration of the machine. Example, the program has rights to edit or create a new file but the security configuration of machine does not allow the program to delete a file.

Garbage Collection

CLR automatically manages memory. When objects are not referred garbage collection automatically release that memories thus providing efficient memory management.

Code Verification

This ensures proper code execution and type safety while the code runs. It prevents the source code to perform illegal operation such as accessing invalid memory locations etc.

IL( Intermediate language )-to-native translators and optimizer

CLR uses JIT (Just In Time) compiler and compiles the IL code to machine code and then executes.

For more about Asp.Net Page life-cycle, click on Explain ASP.Net Page life-cycle events

What is a Request and Response?

The communication from Web browser (Web Client) to the Web server is referred to as a Request. In ASP.NET, there is a Request object that is used to represent the Web browser's communication to the Web server. It wraps the resource request in an object that can be queried in code. This includes providing your code access to things like the cookies associated with your site, the query string parameters passed on the URL, the path to the request, and more.

The communication from the Web server back to the Web browser is commonly referred to as the Response. In ASP.NET this information is wrapped in the Response object. You can use this object to set cookies, define caching, set session expiration, and so on. When the Web server responds to a request, it uses what it finds in the Response object to write the actual, text-based HTTP response.

What is HTTP (Hypertext Transfer Protocol)?

HTTP is a text-based communication protocol which is used to request web pages (client) from the web server and send responses back to the web browser (client). HTTP messages are typically sent between the Web server and Web browser using port 80 or port 443 when using Secure HTTP (HTTPS).