Quicknote: Using ASP.NET Login Control When Storing Credentials in Web.Config

When creating simple web app’s outside of SharePoint that need authentication, I have always used the default ASP.NET membership provider (which in turn stores credentials in sql).

I recently wrote some code where sql was not on the box, and I hence embedded some credentials in the web.config file, as follows (note: normally I would encrypt the password in the web.config file):

<authentication mode=”Forms” >
  <forms loginUrl=”login.aspx” protection=”All” timeout=”30″>
    <credentials passwordFormat=”Clear”>
      <user name=”rob” password=”password”/>
  <deny users=”?”/>

I naively expected that I would not need to do anything to the asp.net login control for this to work, however it didn’t – I needed to add the following code the authenticate event for my login control…

protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
     if (FormsAuthentication.Authenticate(this.Login1.UserName, this.Login1.Password))   
         e.Authenticated = true;

Related link: http://www.west-wind.com/WebLog/posts/233629.aspx

You May Also Like

About the Author: rnowik

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.