Configuring forms authentication

With forms authentication, the application stores user names and passwords in the database and requires users to register to your site before they can log in. Forms authentication is the default option in Kentico.

To allow users to register and log in on your live site, you need to add the following web parts onto your site:

• Registration form (see Using the Registration form and Custom registration form web parts)
• Logon form or Logon mini form (allows existing users to log in)
• Sign out button (allows users to log out, typically placed inside the content of the site’s master page)

Configuring forms authentication for multiple web projects

The forms authentication uses standard ASP.NET forms authentication and its settings, which you can find in your application’s web.config file:

<system.web>
 ...
   <authentication mode="Forms">
     <forms loginUrl="CMSPages/logon.aspx" defaultUrl="Default.aspx" name=".ASPXFORMSAUTH" timeout="60000" slidingExpiration="true" />
   </authentication>
 ...
<system.web>

If you’re running multiple web projects in virtual directories, and the projects have the same machine key defined, users logging in to one of the websites will be automatically logged in to sites running on other projects. To prevent that, add the path parameter to the above code in each project, as in the following example:

<authentication mode="Forms">
   <forms loginUrl="CMSPages/logon.aspx" defaultUrl="Default.aspx" name=".ASPXFORMSAUTH" timeout="60000" slidingExpiration="true" path="Kentico" />
</authentication>

Additional configuration options related to user passwords may also be defined in the system, as described in the Securing user accounts and passwords.