The below configuration elements show how you enable Forms authentication in Web.config.
<forms loginUrl=”login.aspx” name=”MyCookie” timeout=”60″ path=”/”>
When you use Forms authentication, the following authorization options are avail- able to you:
Client Requested Resources
Requested resources require ACLs that allow read access to the anonymous Internet user account. (IIS should be configured to allow anonymous access when you use Forms authentication).
Configure URL Authorization in Web.config. With Forms authentication, the format of user names is determined by your custom data store; a SQL Server database, or Active Directory.
If you are using a SQL Server data store:
<deny users=”?” />
<allow users=”Raju,Biju,Tamanna” roles=”Manager,Sales” />
Explicit Role Checks
You can perform role checking using the IPrincipal interface.
When to Use
Forms authentication is most ideally suited to Internet applications. Use Forms authentication when: Your application’s users do not have Windows accounts.
You want users to log on to your application by entering credentials using an HTML form.