<!-- Web.Config Configuration File -->

<configuration>

<system.web>

<customErrors mode="Off"/>

<authentication mode="Forms">

<forms name=".COOKIEDEMO"

loginUrl="login.aspx"

protection="All"

timeout="30"

path="/">

<credentials passwordFormat="Clear">

<user name="login1" password="password1"/>

<user name="login2" password="password2"/>

</credentials>

</forms>

</authentication>

<authorization>

<deny users="?" />

</authorization>

</system.web>

</configuration>

login.aspx:

<%@Page Language="VB" %>

<%@Import Namespace="System.Web.Security" %>

<script language="VB" runat="server">

Sub ProcessLogin(objSender As Object, objArgs As EventArgs)

If FormsAuthentication.Authenticate(txtUser.Text, txtPassword.Text) Then

FormsAuthentication.RedirectFromLoginPage(txtUser.Text, chkPersistLogin.Checked)

Else

ErrorMessage.InnerHtml = "<b>Incorrect username or password...</b> please re-enter your credentials..."

End If

End Sub

</script>

<html>

<head>

<title>Standard Forms Authentication Login Form</title>

</head>

<body bgcolor="#FFFFFF" text="#000000">

<form runat="server">

<table width="400" border="0" cellspacing="0" cellpadding="0">

<tr>

<td width="80">Username : </td>

<td width="10">&nbsp;</td>

<td><asp:TextBox Id="txtUser" width="150" runat="server"/></td>

</tr>

<tr>

<td>Password : </td>

<td width="10">&nbsp;</td>

<td><asp:TextBox Id="txtPassword" width="150" TextMode="Password" runat="server"/></td>

</tr>

<tr>

<tr>

<td></td>

<td width="10">&nbsp;</td>

<td><asp:CheckBox id="chkPersistLogin" runat="server" />Remember my credentials<br>

</td>

</tr>

<tr>

<td>&nbsp;</td>

<td width="10">&nbsp;</td>

<td><asp:Button Id="cmdLogin" OnClick="ProcessLogin" Text="Login" runat="server" /></td>

</tr>

</table>

<br>

<br>

<div id="ErrorMessage" runat="server" />

</form>

</body>

</html>

default.aspx:

<%@Page Language="VB" %>

<%@Import Namespace="System.Web.Security" %>

<script language="vb" runat="server">

Sub SignOut(objSender As Object, objArgs As EventArgs)

'delete the users auth cookie and sign out

FormsAuthentication.SignOut()

'redirect the user to their referring page

Response.Redirect(Request.UrlReferrer.ToString())

End Sub

Sub Page_Load()

'verify authentication

If User.Identity.IsAuthenticated Then

'display Credential information

displayCredentials.InnerHtml = "Current User : <b>" & User.Identity.Name & "</b>" & _

"<br><br>Authentication Used : <b>" & User.Identity.AuthenticationType & "</b>"

Else

'Display Error Message

displayCredentials.InnerHtml = "Sorry, You have not been authenticated."

End If

End Sub

</script>

<html>

<head>

<title>Forms Authentication</title>

</head>

<body bgcolor="#FFFFFF" text="#000000">

<span class="Header">Forms Based Authentication using standard method</span>

<br>

<br>

<div id="displayCredentials" runat="server" />

<br>

<br>

<form runat="server">

<asp:Button id="cmdSignOut" text="Sign Out" runat="server" onClick="SignOut" />

</form>

</body>

</html>

SUGGESTION: For any instance where a web.config file is required, we suggest that you place your related scripts into a separate directory so as not to inadvertently overwrite a currently active web.config file. In the above example, we suggest placing all 3 files in a separate directory of its own.