0
votes

I am developing on Windows Server 2008 with VSTS 2008 + C# + .Net 3.5 to develop an ASP.Net application using Forms authentication. I am learning Forms authentication from http://msdn.microsoft.com/en-us/library/aa480476.aspx

I have two basic questions,

  1. I think after call method "FormsAuthentication.SetAuthCookie", the user should be authenticated, why in step 9, it is said "9.The FormsAuthenticationModule class detects the forms authentication cookie and authenticates the user"? Seems we need authenticate user twice, both in step 6 (when we call FormsAuthentication.SetAuthCookie) and in step 9? If yes, why we need to authenticate user twice?

  2. In order to implement a custom Forms authentication (I have a custom user credential database which is used for Forms authentication), do I need to call 4 methods -- "new FormsAuthenticationTicket", "FormsAuthentication.Encrypt", new HttpCookie and Response.Cookies.Add(authCookie)? Or just need to call "FormsAuthentication.SetAuthCookie"?

1

1 Answers

2
votes
  1. You perform step 6, the Forms Library module performs step 9.
  2. No, just call SetAuthCookie / RedirecterFormLogin.