help using FormsAuthentication

[goaway1234]

I am writing a site, and I want to use FormsAuthentication, but not keep the credentials in the web.config file. I know this is a common scenario, but the docs aren't very clear about how it is done.

I have a database of users, password hashes, and salt bytes. How can I have the FormsAuthentication class use this database instead of the web.config file? I have looked into the FormsAuthentication_OnAuthenticate event in global.asax, but I don't see any way to infer the user name and password from its arguments.

Any advice or insight into how authentication works in ASP.NET is appreciated.

 

[DaZZleD]

in the web.config file you can specify the file that handles the authorisation of users.

    <authentication mode="Forms"> 
		<forms loginUrl="logon.aspx" name="myCookieName" timeout="20" protection="All"></forms>
	</authentication>

inside login.aspx you provide the logic for authentication (like use two textboxes to get the username and password, then check them against the database and if correct allow access). allowing access means:

FormsAuthentication.RedirectFromLoginPage("username", false);

--------------------------
"two wrongs don't make a right, but three lefts do" - the unknown sage