< authentication mode="Forms " >

< forms loginUrl="Login.aspx" >

<credentials>

< user name="Joe" password="Smith" / >

< / credentials >

forms >

< / authentication >


You will see some new tags and attributes above lets explain all of them:

The tag forms has an attribute loginUrl which is the url of the page the users will be redirected if they try to access an authorized page. In this case we have given the url as Login.aspx which means that if some user is trying to access some page and he is not signed in he will be redirected to the Login.aspx page.

Later we have the credentials tag which has attributes username and password. The username and password is simply the username and password for a particular user. All the usernames and passwords that are present in the web.config files tag will be authorized to user the pages.

You can have multiple user name and password stored in a single web.config file. As you can see in the code below I have stored 2 username and their passwords:

< authentication mode="Forms" >

< / credentials >

Okay so now you got the username and passwords stored in the web.config file and now you want to authenticate the user depending on the credentials present in the web.config file. Let's set one more thing up which is the authorization tags in the web.config file.

< authorization>

< / authorization >

The deny users = "?" means that all the other users whose name is not present in the web.config file must not be able to access the pages.

Lets make a simple login screen that lets the user enter his credentials:

Suppose you are too lazy to change your page name from WebForm1 to Login.aspx. Now if you run the page you will see an error that there is no Login.aspx page. You will be surprised that what is asp.net looking for Login.aspx page. The reason is that because you told the Asp.net that the login page will be named Login.aspx remember: