Set up form authentication in an ASP.NET webforms website

ASP.NET websites support more authentication types, but probably the most used is form authentication. This kind of authentication requires a database containing information about users and roles and some changes in web.config for enabling membership and roles.  But let’s take this step by step.

1. Set-up the database

Locate the “aspnet_regsql.exe” file in “C:\Windows\Microsoft.NET\Framework\v4.0.30319” folder (note that folder can be different, depending on your installed .NET version). This is a small application which is setting your database for form authentication.

ASP.NET Register SQL

Once you enter all required information on the second step, you can set the connection to the database in web.config. In “configuration” section add connection string to database you have set-up before. Adapt code below your situation and set correct username, password and server location.

    <add name="authenticationConnection" connectionString="Data Source=ServerName\SqlServer;Initial Catalog=authentication;User ID=Username;Password=Password" providerName="System.Data.SqlClient" />

2. Set-up web.config

To enable form authentication on website you need to add some settings in web.config, all of them being placed in “system.web” section.

    <!-- Roles -->
    <roleManager enabled="true" defaultProvider="RoleProvider">
        <add name="RoleProvider"
             type="System.Web.Security.SqlRoleProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

    <!-- Membership -->
    <membership defaultProvider="FormMembershipProvider">
      <providers >
        <add name="FormMembershipProvider"
              type="System.Web.Security.SqlMembershipProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              connectionStringName="authenticationConnection" enablePasswordRetrieval="false" enablePasswordReset="true" />

    <!-- Set auth form location and default url if no one is specified when site is accessed -->
   <authentication mode="Forms">
      <forms defaultUrl="/Default.aspx" loginUrl="/Login.aspx"></forms>

3. Set roles and usernames

This is the easiest step. Open your website with Visual Studio and to go to ASP.NET Configuration command.

ASP.NET Configuration

Your browser will open configuration pages for your websites. Choose security tab and start to set roles and some users.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s