<Forms Name="name"loginurl="URL"Defaulturl="URL"Protection="[all| none| encryption| Validation]"Timeout="[MM]"Path="Path"requireSSL="[True|false]"slidingexpiration="[True|false]">enablecrossappredirects="[True|false]"cookieless="[useuri| usecookie| Autodetect| UseDeviceProfile]"Domain="Domain name"Ticketcompatibilitymode="[framework20| FRAMEWORK40]"> <credentials>...</credentials> </forms>
- Name: Specifies the HTTP Cookie to use for authentication. If you are running multiple applications on a single server and each application requires a unique cookie, you must configure the cookie name in each application's Web. config file. The default value is ". Aspxauth ".
- Loginurl: Specifies that if no valid authentication Cookie is found, the request is redirected to the URL used for the login. The default value is Login.aspx.
- Defaulturl: Defines the default URL that is used for redirection after authentication. The default value is "default.aspx".
- Protection: Specifies the type of encryption (if any) that the Cookie uses. The default value is all.
- Timeout: Specifies the elapsed time (in integer minutes) before the Cookie expires. If the SlidingExpiration property is true, the Timeout property is a sliding value that expires after a specified time (in minutes) after the last request was received. To protect against performance and avoid multiple browser warnings to users who turn on cookie warnings, cookies are updated when the specified time is half past. This can lead to accuracy damage. The default value is "30" (30 minutes).
- Path: Specifies the path for the Cookie issued by the application. The default value is a slash (/), because most browsers are case-sensitive, and if the path case does not match, the browser does not send the Cookie back.
- requireSSL: Specifies whether an SSL connection is required to transmit an authentication Cookie. The default value is False.
- SlidingExpiration: Specifies whether the adjustable expiration time is enabled. Adjustable expiration Resets the current authentication time for the Cookie to expire when each request is received during a single session. The default value is True.
- enableCrossAppRedirects: Indicates whether the authenticated user is redirected to a URL in another WEB application. The default value is False.
- Cookieless: Defines the use of cookies and the behavior of cookies. The default value is UseDeviceProfile.
- Domain: Specifies an optional domain that is set in the outgoing Forms authentication Cookie. This setting has a higher precedence than the domain used in the httpcookies element. The default value is an empty string ("").
- Ticketcompatibilitymode: Specifies whether to use Coordinated Universal Time (UTC) or local time for the ticket expiration date in Forms authentication. The default value is Framework20.
Child elements
Credentials: Allows you to choose to define the name and password credentials in the configuration file. You can also implement a custom password schema to control validation using an external source, such as a database.
Configuration instructions for forms validation in Web. config