views:

207

answers:

1

Hello everyone,

I am developing on Windows Server 2008 with VSTS 2008 + C# + .Net 3.5 to develop an ASP.Net application using Forms authentication. I am learning Forms authentication from http://msdn.microsoft.com/en-us/library/aa480476.aspx

I have two basic questions,

  1. I think after call method "FormsAuthentication.SetAuthCookie", the user should be authenticated, why in step 9, it is said "9.The FormsAuthenticationModule class detects the forms authentication cookie and authenticates the user"? Seems we need authenticate user twice, both in step 6 (when we call FormsAuthentication.SetAuthCookie) and in step 9? If yes, why we need to authenticate user twice?

  2. In order to implement a custom Forms authentication (I have a custom user credential database which is used for Forms authentication), do I need to call 4 methods -- "new FormsAuthenticationTicket", "FormsAuthentication.Encrypt", new HttpCookie and Response.Cookies.Add(authCookie)? Or just need to call "FormsAuthentication.SetAuthCookie"?

thanks in advance, George

+2  A: 
  1. You perform step 6, the Forms Library module performs step 9.
  2. No, just call SetAuthCookie / RedirecterFormLogin.
Henk Holterman
Thanks Henk! If I am implementing a custom Forms authentication provider, besides implementing a customized version of ValidateUser method using my customized data source to match user name/password, then in order to implement the function in step 9, what additional code a custom Forms authentication provider needs to implement? BTW: I am confused what a customized Forms Authentication provider needs to do in Step 9, appreciate if you could describe to make it clear.
George2
Are you making an Authentication provider or a MemberShip provider?
Henk Holterman
Thanks Henk! Question answered!
George2