The Authentication tab of the ASP.NET Configuration Settings dialog box lets you manage authentication of user accounts and roles for the current Web site. ASP.NET Authentication is the process of obtaining identification credentials, such as a user name and password from a user account, for validating the credentials against some authority. For a complete description of how ASP.NET implements authentication, see ASP.NET Authentication.

The Authentication tab also provides support to add, remove, and configure membership providers and role management for the current Web application. ASP.NET role management lets you specify the resources that user accounts in your application have access to. Role management lets you treat groups of user accounts as a unit by assigning user accounts to roles. For more information about ASP.NET role management, see Understanding Role Management.

You can create and use custom membership providers in your Web application. For a complete description of how to implement a custom membership provider, see Implementing a Membership Provider.

The settings that you make on the Authentication tab apply to the Web site that you selected before opening the Properties dialog box.

NoteNote

Configuration settings can be inherited. Settings can be defined in the Machine.config file, which acts as the base configuration for all Web sites on the server. For more information about ASP.NET configuration files, see ASP.NET Configuration File Hierarchy and Inheritance.

To display the Authentication tab of the ASP.NET Configuration Settings dialog box
  1. In Microsoft Windows, open Administrative Tools, and then click Internet Information Services (IIS) Manager.

    IIS Manager appears.

  2. Under Internet Information Services, expand Servername (local computer), expand Web Sites, right-click either Websitename or Default Website, and then click Properties.

    The Web Site Properties dialog box appears.

  3. Click the ASP.NET tab, and then click Edit Configuration.

    The ASP.NET Configuration Settings dialog box appears.

  4. Click the Authentication tab.

Tasks

Using the Authentication tab, you can do the following:

  • Configure the authentication type for the current Web application.

  • Add, remove, and modify membership providers for the current Web application.

  • Add, remove, and modify role membership providers for the current Web application.

UI Elements

Authentication mode

Click to specify the authentication mode for the current Web site. For a complete description of each authentication mode, see ASP.NET Authentication.

HTTP cookie name

Type the name of the HTTP cookie to use for authentication in the current Web site. HTTP cookie name is only available for configuring Forms authentication.

Login URL

Type the URL to which the request is redirected for log on, if no valid authentication cookie is found. The default is login.aspx. Login URL is only available for configuring Forms authentication.

Cookie protection

Click to specify the type of encryption, if any, to use for the authentication cookie. Cookie protection is only available for configuring Forms authentication.

Cookie timeout

Enter the amount of time, in integer minutes, after which the authentication cookie expires. The default is 30. Cookie timeout is only available for configuring Forms authentication.

Require SSL

Select this check box to specify that an SSL connection is required to transmit the authentication cookie. Require SSL is only available for configuring Forms authentication.

Enable sliding expiration

Select this check box to reset the expiration time for a valid authentication cookie, if a request is made and more than half of the timeout interval has elapsed. Enable sliding expiration is only available for configuring Forms authentication.

Membership provider class

Click to specify the configured membership providers for the current Web site.

Manage Providers

Click to open the Provider Settings dialog box where you can add, remove, and configure membership providers for the current Web site.

Role management enabled

Select this check box to enable role management to manage access rules for groups of user accounts.

Role provider class

Click to specify the configured role membership providers for the current Web site.

Manage Providers

Click to open the Provider Settings dialog box where you can add, remove, and configure role membership providers for the current Web site.

See Also

Concepts

Implementing a Membership Provider
Understanding Role Management
ASP.NET Configuration File Hierarchy and Inheritance

Other Resources

ASP.NET Authentication
MMC Snap-In for ASP.NET