Answer 1)
Forms authentication uses an authentication ticket that is created when a user logs on to a site, and then it tracks the user throughout the site. The forms authentication ticket is usually contained inside a cookie. However, ASP.NET version 2.0 supports cookieless forms authentication, which results in the ticket being passed in a query string.
If the user requests a page that requires authenticated access and that user has not previously logged on to the site, then the user is redirected to a configured loginUrl under authentication section of web.config.
This processing is handled by the FormsAuthenticationModule class, which is an HTTP module that participates in the regular ASP.NET page-processing cycle and intercepts every request to the website. If it fails to find valid authentication ticket, it will redirect to the logon page.
The logon page prompts the user to supply credentials, typically a user name and password. These credentials are then passed to the server and validated against a user store, such as a SQL Server database or XML. After the user's credentials are authenticated, we have to issue Forms authentication ticket before we redirected the user to the originally requested page. If you redirect the user without issuing Forms authentication ticket, FormsAuthenticationModule will again takes the user to login page as it fails to find valid ticket.
We can issue Forms authentication ticket in multiple ways beside on requirement
- Using FormsAuthentication.RedirectFromLoginPage
[CODE=cs]if (objUserBLL.Validate(txtUser.Text, txtPassword.Text))
{
FormsAuthentication.RedirectFromLoginPage(txtUser.Text, false);
}
[/CODE]
- Using FormsAuthentication.SetAuthCookie
[CODE=cs]if (objUserBLL.Validate(txtUser.Text, txtPassword.Text))
{
string Role = objUserBLL.GetUserRole(txtUser.Text);
if (Role.Equals("JobSeeker"))
{
FormsAuthentication.SetAuthCookie(txtUser.Text, false);
Response.Redirect("~/JobSeeker/Dashboard.aspx");
}
else if (Role.Equals("Recruiter"))
{
FormsAuthentication.SetAuthCookie(txtUser.Text, false);
Response.Redirect("~/Recruiter/Dashboard.aspx");
}
}
[/CODE]
For more information about Forms Authentication, check MSDN Explained: Forms Authentication in ASP.NET 2.0
|