Share via


authentication Element (ASP.NET Settings Schema)

Configures the ASP.NET authentication scheme that is used to identify users who view an ASP.NET application.

<authentication 
   mode="[Windows|Forms|Passport|None]"
> 
   <forms>...</forms>
   <passport/>
</authentication>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description

mode

Required attribute.

Specifies the default authentication mode for an application. This attribute can be one of the following values.

Value Description

Windows

Specifies Windows authentication as the default authentication mode. Use it with any form of Microsoft Internet Information Services (IIS) authentication: Basic, Digest, Integrated Windows authentication (NTLM/Kerberos), or certificates. In this case, your application delegates the authentication responsibility to the underlying IIS.

Forms

Specifies ASP.NET forms–based authentication as the default authentication mode.

Passport

Specifies Microsoft Passport Network authentication as the default authentication mode.

None

Specifies no authentication. Your application expects only anonymous users or the application provides its own authentication.

The default is Windows.

Child Elements

Element Description

forms

Configures an ASP.NET application for custom forms–based authentication.

passport

Specifies the page to redirect to, if the page requires authentication and the user has not signed on with Microsoft Passport Network authentication.

Parent Elements

Element Description

configuration

Specifies the required root element in every configuration file that is used by the common language runtime and the .NET Framework applications.

system.web

Specifies the root element for the ASP.NET configuration settings in a configuration file and contains configuration elements that configure ASP.NET Web applications and control how the applications behave.

Remarks

The authentication element configures the ASP.NET authentication scheme for an ASP.NET application. The authentication scheme determines how to identify users who want to view the ASP.NET application. The mode attribute specifies the authentication scheme. For more information about available authentication schemes, see ASP.NET Authentication.

Default Configuration

The following default authentication element is not explicitly configured in the Machine.config or the root Web.config file. However, it is the default configuration that is returned by the application in the .NET Framework version 2.0.

<authentication mode="Windows">
   <forms 
      name=".ASPXAUTH" 
      loginUrl="login.aspx" 
      defaultUrl="default.aspx" 
      protection="All" 
      timeout="30" 
      path="/" 
      requireSSL="false" 
      slidingExpiration="true" 
      cookieless="UseDeviceProfile" domain="" 
      enableCrossAppRedirects="false">
      <credentials passwordFormat="SHA1" />
   </forms>
   <passport redirectUrl="internal" />
</authentication>

The following default authentication element is configured in the Machine.config file in the .NET Framework version 1.1.

<authentication mode="Windows">
   <forms 
      name=".ASPXAUTH" 
      loginUrl="login.aspx" 
      protection="All"  
      timeout="30" 
      path="/" 
      requireSSL="false" 
      slidingExpiration="true">
      <credentials passwordFormat="SHA1"></credentials>
   </forms>
   <passport redirectUrl="internal" />
</authentication>

The following default authentication element is configured in the Machine.config file in the .NET Framework version 1.0.

<authentication mode="Windows">
   <forms 
      name=".ASPXAUTH" 
      loginUrl="login.aspx" 
      protection="All"  
      timeout="30" 
      path="/" >
      <credentials passwordFormat="SHA1"></credentials>
   </forms>
   <passport redirectUrl="internal" />
</authentication>

Example

The following code example demonstrates how to configure a site for forms-based authentication, specify the name of the cookie that transmits logon information from the client, and specify the name of the logon page to use, if initial authentication fails. You need to include an authorization section to require forms authentication by all users and to deny anonymous users access to the site.

<configuration>
   <system.web>
      <authentication mode="Forms">
         <forms name="401kApp" loginUrl="/login.aspx"/>
      </authentication>
      <authorization>
         <deny users="?"/>
      </authorization>
   </system.web>
</configuration>

Element Information

Configuration section handler

AuthenticationSection

Configuration member

AuthenticationMode

Configurable locations

Machine.config

Root-level Web.config

Application-level Web.config

Requirements

Microsoft Internet Information Services (IIS) version 5.0, 5.1, or 6.0

The .NET Framework version 1.0, 1.1, or 2.0

Microsoft Visual Studio 2003 or Visual Studio 2005

See Also

Tasks

How to: Configure Specific Directories Using Location Settings
How to: Lock ASP.NET Configuration Settings

Reference

system.web Element (ASP.NET Settings Schema)
forms Element for authentication (ASP.NET Settings Schema)
passport Element for authentication (ASP.NET Settings Schema)
configuration Element (General Settings Schema)
System.Configuration
System.Web.Configuration
AuthenticationSection

Concepts

ASP.NET Configuration File Hierarchy and Inheritance
Securing ASP.NET Configuration
ASP.NET Configuration Scenarios

Other Resources

ASP.NET Authentication
General Configuration Settings (ASP.NET)
ASP.NET Configuration Settings
Configuring ASP.NET Applications
ASP.NET Configuration Files
ASP.NET Configuration API