In Brief

This chapter discussed how to secure an ASP.NET Web site with Forms-Based Authentication:

• Although Forms-Based Authentication is a capability of ASP.NET, C#Builder makes it easy to add authentication and authorization to an application. Applicable files, such as web.config and Global.asax, are added to an ASP.NET project when the C#Builder wizard is first run. These files are modifiable from within the C#Builder IDE.

• For open security on the Internet, the preferred method in ASP.NET is to use Forms-Based Authentication. Windows authentication is platform-specific, and Passport authentication may not be the open solution that some organizations prefer. Forms-Based Authentication is easy to use and allows authentication of any visitor, regardless of platform.

• Authenticating individual users may be done via URL authorization through a configuration file or with a server database. Forms-Based Authentication provides types that make the authentication process easy.

• With Forms-Based Authentication, users may also be authenticated by roles. Roles are controlled via a special authorization element in a configuration file. Users are associated with roles via processing a special application request handler. Either an entire site, portions of a site, or individual Web pages may be protected with Forms-Based Authentication.