Configuring forms authentication

With forms authentication, the application stores user names and passwords in the database and requires users to register on your site before they can sign in. Forms authentication is the default option in Kentico.

To allow users to register and sign in on your live site, you need to add the following web parts onto your site:

• Registration form (see Using the Registration form and Custom registration form web parts)
• Logon form or Logon mini form (allows existing users to sign in)
• Sign out button (allows users to sign out, typically placed inside the content of the site’s master page)

Configuring forms authentication for multiple web projects

The forms authentication uses standard ASP.NET forms authentication and its settings, which you can find in your application’s web.config file:

<system.web>
 ...
   <authentication mode="Forms">
     <forms loginUrl="CMSPages/logon.aspx" defaultUrl="Default.aspx" name=".ASPXFORMSAUTH" timeout="60000" slidingExpiration="true" />
   </authentication>
 ...
<system.web>

If you’re running multiple web projects in virtual directories, and the projects have the same machine key defined, users signing in to one of the websites will be automatically signed in to sites running on other projects. To prevent that, add the path parameter to the above code in each project, as in the following example:

<authentication mode="Forms">
   <forms loginUrl="CMSPages/logon.aspx" defaultUrl="Default.aspx" name=".ASPXFORMSAUTH" timeout="60000" slidingExpiration="true" path="Kentico" />
</authentication>

Additional configuration options related to user passwords may also be defined in the system, as described in Securing user accounts and passwords.