Forms authentication

A system by which unauthenticated requests are redirected to an HTML form using HTTP client-side redirection. The following example grants access to Kim and members of the Admins role, while denying it to John and all anonymous users:

<configuration>             <system.web>                       <authentication mode="Forms">                                 <forms name=".ASPXUSERDEMO" loginUrl="login.aspx" protection="All" timeout="60" />                        </authentication>                        <authorization>                              <allow users="Ravi"/>                              <allow roles="Admins"/>                              <allow verb="POST" users="Kumar"/>                              <deny users="Preethi"/>                               <deny users="?"/>                        </authorization>              </system.web>      <location path="secureservice.asmx">            <system.web>                <authorization>                         <allow users="Administrator"/>                         <allow users="DOMAIN\Bradley"/>                </authorization>          </system.web>     </location> </configuration>

* - Refers to all identities ? - Refers to the anonymous identity

After validating the credentials

if ((UserEmail.Value == "someone@www.contoso.com") && (UserPass.Value == "password"))            {                  FormsAuthentication.RedirectFromLoginPage(UserEmail.Value, PersistCookie.Checked);           }

FormsAuthentication.SignOut method. This removes the authentication cookie regardless of whether it is temporary or permanent.