Quicknote: Using ASP.NET Login Control When Storing Credentials in Web.Config

When creating simple web app’s outside of SharePoint that need authentication, I have always used the default ASP.NET membership provider (which in turn stores credentials in sql).

I recently wrote some code where sql was not on the box, and I hence embedded some credentials in the web.config file, as follows (note: normally I would encrypt the password in the web.config file):

<authentication mode=”Forms” >
  <forms loginUrl=”login.aspx” protection=”All” timeout=”30″>
    <credentials passwordFormat=”Clear”>
      <user name=”rob” password=”password”/>
    </credentials>
  </forms>
</authentication>
<authorization>
  <deny users=”?”/>
</authorization>

I naively expected that I would not need to do anything to the asp.net login control for this to work, however it didn’t – I needed to add the following code the authenticate event for my login control…

protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
     if (FormsAuthentication.Authenticate(this.Login1.UserName, this.Login1.Password))   
     {       
         e.Authenticated = true;
     }
}

Related link: http://www.west-wind.com/WebLog/posts/233629.aspx

SharePoint: Saving Publishing Site As STP

Just a quicknote – the link in for saving a site as an stp is not exposed for publishing sites in moss. Im not sure on the reason for this, but found an interesting blogpost discussing this. You can get around this by typing the address http://[siteurltogohere]/_layouts/savetmpl.aspx or by saving a the template via sharepoint designer.

Saving the template as an stp seems to work, but there must be a reason why MS have tried to restrict access to this?