Forms Authentication In Asp.Net 2.0 3.5 4.0

Forms Authentication in ASP.NET 2.0, 3.5, 4.0 With Folder Level Access And Multiple Web.Config Files is technique to decide how users can access your web application. Using forms authentication we can decide certain users can access only certain pages or we can control the anonymous access, we can implement folder level access And roles.

we can manage formsAuthentication through web.config file

Read my article on implementing FormsAuthentication Ticket And Managing Roles

1. First of all create a new website and add a new form , name it Login.aspx
Drag login control on it from the toolbox
Make sure you have a web.config file in root of your application

2. Right click on solution explorer and add new folder , name it membersArea
Add a new from and name it members.aspx
Add a web.config file in this folder.

Now to implement Forms Authentication we need to configure web.config file (in the application root)

For this we need to add Authentication and Authorization tags inside <system.web> tag of web.config

<authentication mode="Forms">
<forms defaultUrl="Default.aspx" loginUrl="~/Login.aspx"
slidingExpiration="true" timeout="20">

Now To restrict access to the membersonly page which is inside membersonly folder so that only members can access this page we need to create a another web.config file inside this folder to provide it's access rules
In this web.config write this inside <system.web> tag
<deny users="?"/>

Now for login process and checking the username and password we need to write this code, double click on the login control placed on the Login.aspx page, it will generate Login1_Authenticate event
protected void Login1_Authenticate
(object sender, AuthenticateEventArgs e)
bool isMember = AuthenticateUser(Login1.UserName, Login1.Password,

if (isMember)

And this for checking username and password, i m using hard coded values
private bool AuthenticateUser(string userName, string password, bool rememberUserName)
string userName = "amiT";
string password = "password";

if (userName.Equals(userName) && password.Equals(password))
return true;
return false;

If you like this post than join us or share


amiT jaiN said...


Cherukuri Venkateswarlu said...

This is really simple and easy to understand.

muppidodu said...

Simple & Nice.

robertwharvey said...

Ugh. What's up with the popup web banners that you can't get rid of, which obscure the content?

Are you kidding me?

meet_to_hot said...

nice authentication ... its greate

Anonymous said...

What if I will view the second page without login? How will I avoid that? (E.g. in yahoo mail, authenticating the username and password.) I will not go to the next page until I input the username and password

Admin said...

Hi though this article provides nice basic start
I would like to see forms authentication in detail

Anonymous said...

Error 1 It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. C:\Documents and Settings\HAREKRISHNA\My Documents\Visual Studio 2008\WebSites\WebSite12\membersArea\Web.config 14

amiT jaiN said...

@Above: Please refer AllowDefinition MachineToApplication Beyond Application Level Error for solution to this error

Find More Articles