/*By Jiangong SUN*/
To implement a form authentication, you need add the following code in web.config:
<system.web>
<authentication mode="Forms">
<forms loginUrl="logon.aspx" timeout="60" enableCrossAppRedirects="true" name=".ASPXFORMSAUTH">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
enableCrossAppRedirects means authenticated users in this application can be redirected to other applications as authenticated too.
<deny users="?" /> means that unauthenticated users (represented by "?") are denied access to resources in this application.
In default page:
protected void Page_Load(object sender, EventArgs e)
{
HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.NoCache);
CookiesManager.RemoveAll();
FormsAuthentication.SignOut();
Response.Redirect("Logon.aspx");
}
HttpContext.Current.Response.Cache.SetCacheability(HttpCacheability.NoCache);set no browser cache.
FormsAuthentication.SignOut(); will remove authentication information from cookie for current user.
CookiesManager.RemoveAll(); will remove browser cookies for this application
<div id="Fieldsetcontent">
<asp:Login ID="LoginPage" runat="server" DisplayRememberMe="False" TitleText="" OnLoggingIn="Page_LogIn" />
</div>
In Login.aspx.cs
protected void Page_LogIn(object sender, LoginCancelEventArgs e)
{
//Authentication code
}