Share via

<authentication> Element

  • Article

Configures ASP.NET authentication support. This element can be declared only at the machine, site, or application level. Any attempt to declare it in a configuration file at the subdirectory or page level will result in a parser error message.

<configuration>
   <system.web>
**      <authentication>**

<authentication mode="Windows|Forms|Passport|None">
   <forms name="name"
          loginUrl="url" 
          protection="All|None|Encryption|Validation"
          timeout="30" path="/" >
          requireSSL="true|false"
          slidingExpiration="true|false">
      <credentials passwordFormat="Clear|SHA1|MD5">
         <user name="username" password="password"/>
      </credentials>
   </forms>
   <passport redirectUrl="internal"/>
</authentication>

Required Attribute

Attribute Option Description
mode     Controls the default authentication mode for an application.
    Windows Specifies Windows authentication as the default authentication mode. Use this mode when using any form of Microsoft Internet Information Services (IIS) authentication: Basic, Digest, Integrated Windows authentication (NTLM/Kerberos), or certificates.
    Forms Specifies ASP.NET forms-based authentication as the default authentication mode.
    Passport Specifies Microsoft Passport authentication as the default authentication mode.
    None Specifies no authentication. Only anonymous users are expected or applications can handle events to provide their own authentication.

Subtags

Subtag Description
<forms> Configures an ASP.NET application for custom forms-based authentication.
<passport> Specifies the page to redirect to if the page requires authentication and the user has not signed on with Passport.

Example

The following example configures a site for forms-based authentication, specifies the name of the cookie that transmits logon information from the client, and specifies the name of the logon page to use if initial authentication fails. You need to include an <authorization> section to require forms authentication by all users and to deny anonymous users access to the site.

<configuration>
   <system.web>
      <authentication mode="Forms">
         <forms name="401kApp" loginUrl="/login.aspx"/>
      </authentication>
      <authorization>
         <deny users="?"/>
      </authorization>
   </system.web>
</configuration>

Requirements

Contained Within: <system.web>

Web Platform: IIS 5.0, IIS 5.1, IIS 6.0

Configuration File: Machine.config, Web.config

Configuration Section Handler: System.Web.Configuration.AuthenticationConfigHandler

See Also

ASP.NET Configuration | ASP.NET Settings Schema