Quicknote: Using ASP.NET Login Control When Storing Credentials in Web.Config

When creating simple web app’s outside of SharePoint that need authentication, I have always used the default ASP.NET membership provider (which in turn stores credentials in sql).

I recently wrote some code where sql was not on the box, and I hence embedded some credentials in the web.config file, as follows (note: normally I would encrypt the password in the web.config file):

<authentication mode=”Forms” >
  <forms loginUrl=”login.aspx” protection=”All” timeout=”30″>
    <credentials passwordFormat=”Clear”>
      <user name=”rob” password=”password”/>
    </credentials>
  </forms>
</authentication>
<authorization>
  <deny users=”?”/>
</authorization>

I naively expected that I would not need to do anything to the asp.net login control for this to work, however it didn’t – I needed to add the following code the authenticate event for my login control…

protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
     if (FormsAuthentication.Authenticate(this.Login1.UserName, this.Login1.Password))   
     {       
         e.Authenticated = true;
     }
}

Related link: http://www.west-wind.com/WebLog/posts/233629.aspx

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>