Configuring forms authentication

Copy to clipboard

With forms authentication, the application stores user names and passwords in the database. Forms authentication is the default option when signing in to the Xperience administration interface.

Configuring forms authentication for multiple web projects

The forms authentication uses standard ASP.NET forms authentication and its settings, which you can find in your application’s web.config file:




<system.web>
 ...
   <authentication mode="Forms">
     <forms loginUrl="CMSPages/logon.aspx" defaultUrl="Default.aspx" name=".ASPXFORMSAUTH" timeout="60000" slidingExpiration="true" />
   </authentication>
 ...
<system.web>

If you are running multiple web projects in virtual directories, and the projects have the same machine key defined, users signing in to one of the applications will be automatically signed in to instances running on other projects. To prevent that, add the path parameter to the above code in each project, as in the following example:




<authentication mode="Forms">
   <forms loginUrl="CMSPages/logon.aspx" defaultUrl="Default.aspx" name=".ASPXFORMSAUTH" timeout="60000" slidingExpiration="true" path="KenticoXperience" />
</authentication>

Additional configuration options related to user passwords may also be defined in the system, as described in Securing user accounts and passwords.