Securing location of an asp.net website with password protection while allowing anonymous users to the rest of the site.
The application can then call FormsAuthentication.Authenticate, supplying the username and password, and ASP.NET will verify the credentials. Credentials can be stored in cleartext, or as SHA1 or MD5 hashes, according to the following values of the passwordFormat attribute:
Hash Type Description
Clear Passwords are stored in cleartext
SHA1 Passwords are stored as SHA1 digests
MD5 Passwords are stored as MD5 digests
Usage
<authentication> <credentials;passwordformat="SHA1"> <user name="Mary" password="GASDFSA9823598ASDBAD"> <user name="John" password="ZASDFADSFASD23483142"> </credentials> </authentication>
if (FormsAuthentication.Authenticate(this.Login1.UserName, this.Login1.Password)) FormsAuthentication.RedirectFromLoginPage(this.Login1.UserName, false);Web.config
<configuration> <system.web> <compilation batch="false" debug="true" defaultlanguage="c#"> <authentication mode="Forms"> <forms name="cornerstone" defaulturl="admin/admin.aspx" timeout="20" protection="All" loginurl="admin/login.aspx" path="/"> <credentials passwordformat="Clear"> <user name="user1" password="password1"> <user name="user2" password="password2"> </credentials> </forms> </authentication> <authorization> <allow users="*"> </authorization> </system.web> <location path="admin"> <system.web> <authorization> <deny users="?"> </authorization> </system.web> </location> <configuration>
