- Configure forms authentication in web.config:
<!-- Enables forms authentication for the application; the forms element below configures the login cookie. -->
<authentication
mode="Forms" >
<!--
  loginUrl / defaultUrl: the login page, and the page used after login when no return URL was supplied.
  protection="All": the ticket is both encrypted and integrity-checked.
  timeout="30" with slidingExpiration="true": the ticket lifetime is 30 minutes, renewed while the user stays active.
  requireSSL="false": the cookie is issued without the Secure flag, so the browser also sends it over plain HTTP.
    NOTE(review): set this to "true" once the site is served over HTTPS.
  cookieless="UseDeviceProfile": cookies are used only when the browser profile reports cookie support;
    otherwise the ticket is carried in the URL. NOTE(review): a ticket in the URL can end up in logs,
    history and Referer headers; cookieless="UseCookies" avoids that. Confirm which clients must be supported.
  enableCrossAppRedirects="false": authenticated users are not redirected to URLs in other applications.
-->
<forms
loginUrl="Login.aspx"
protection="All"
timeout="30"
name=".ASPXAUTH"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="default.aspx"
cookieless="UseDeviceProfile"
enableCrossAppRedirects="false" />
</authentication>
- Put pages into separate folders according to whether they require login: some pages may only be visited after the user has logged in, while others are open to everyone.
- Add authorization rules to web.config to enforce the folder-based access described in the second point.
<!-- Site-wide default: every user, including anonymous visitors, is allowed. -->
<system.web>
…
<authorization>
<allow
users="*" />
</authorization>
</system.web>
<!--
  Everything under the Admin folder: anonymous users ("?") are denied and are sent to the login page.
  NOTE(review): this rule only requires that the user is logged in; any authenticated account passes.
  If the folder is meant for administrators only, add a role-based or user-based rule; confirm the intent.
-->
<location
path="Admin">
<system.web>
<authorization>
<deny
users="?" />
</authorization>
</system.web>
</location>
<!-- Exception inside Admin: this single page is reachable by everyone, logged in or not. -->
<location
path="Admin/NeedNotLogin.aspx">
<system.web>
<authorization>
<allow
users="*" />
</authorization>
</system.web>
</location>
- Write the code for the login button's click event handler:
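/// <summary>
/// Handles the login button click: checks the submitted credentials and, when they
/// are valid, issues a persistent forms-authentication cookie that is valid for three
/// days and redirects to the page the user originally requested (or the default URL).
/// When they are invalid, writes an error message to the response.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data; not used.</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    string userName = txtUserName.Text;

    if (!ValidateUser(userName, txtPassword.Text))
    {
        Response.Write("invalid user!");
        return;
    }

    // Build the ticket explicitly so the three-day limit is stored inside the
    // protected ticket. Changing only HttpCookie.Expires tells the browser when to
    // discard the cookie; it does not change the expiration the server checks, so the
    // two lifetimes would otherwise disagree.
    DateTime issuedAt = DateTime.Now;
    DateTime expiresAt = issuedAt.AddDays(3); // three days
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1,                                    // ticket version
        userName,
        issuedAt,
        expiresAt,
        true,                                 // persistent, as in the original call
        string.Empty,                         // no user data
        FormsAuthentication.FormsCookiePath);

    HttpCookie authenticationCookie = new HttpCookie(
        FormsAuthentication.FormsCookieName,
        FormsAuthentication.Encrypt(ticket));
    authenticationCookie.Expires = expiresAt;
    authenticationCookie.Path = FormsAuthentication.FormsCookiePath;
    // Keep the cookie out of reach of client script, and follow the requireSSL
    // setting from web.config for the Secure flag.
    authenticationCookie.HttpOnly = true;
    authenticationCookie.Secure = FormsAuthentication.RequireSSL;
    if (FormsAuthentication.CookieDomain != null)
    {
        authenticationCookie.Domain = FormsAuthentication.CookieDomain;
    }

    Response.Cookies.Add(authenticationCookie);
    Response.Redirect(FormsAuthentication.GetRedirectUrl(userName, true));
}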