Faraz Shah Khan


Authentication using web.config Credentials

In one of my projects I have been asked to implement temporary security on sepcific module for internal usage and it was also suggested that I will not be putting more efforts on the same. First thing came in my mind was Membership/RoleProvider, but as I advised my planned solution they surprised me with the decision that I will not be using these providers and I should be using something more simpler and I was like Duh!!!

Any way I started thinking about a much more simpler solution as I have been alotted the biggest time period ever of 10-15 minutes max for this task :).

OK now I guess I should come to the point. During this process I realised that web.config credentials can be a good option as I personally don't wanted to implement any hardcoded authentication. It is very straight forward and simple but I had some problems implementing that solution so I thought to blog about how to authenticate using credentials incase if any one require the same.

All you need to do is to add some credentials in your web.config like this:

  <authentication mode="Forms">
   <forms loginUrl="~/SignIn.aspx" name=".ASPXAUTH" slidingExpiration="true" timeout="1440" path="/" defaultUrl="~/Default.aspx">
    <credentials passwordFormat="Clear">
     <user name="testUser1" password="testPass1"/>
     <user name="testUser2" password="testPass2"/>
     <user name="testUser2" password="testPass3"/>

In the code block it can be authenticated like this:

if (FormsAuthentication.Authenticate(this.txtUserName.Text, this.txtPassword.Text))
  FormsAuthentication.SetAuthCookie(this.txtUserName.Text, false);
  FormsAuthentication.RedirectFromLoginPage(this.txtUserName.Text, false);
  Response.Write("Invalid login details. Please try again.");


I hope it will be helpful for others as well. And yes it can be done in 15 minutes :)


Mukesh RAna said:

really a gud thing!! thnx a lot

# April 22, 2009 7:59 AM

Bradut Dima said:


Right when I needed...amazing that you have posted this only a couple of hours ago!

# April 23, 2009 12:40 AM

satalaj said:

This is really nice stuff. I will try now.

# June 4, 2009 1:17 AM

Jedi302 said:

Great post, just what i needed. it was so long ago i did a site with only one user so i forgot who to do..


# November 13, 2009 8:48 AM

crestron ipad app said:

Bad times make a good man.


# December 22, 2010 3:55 AM

ipad case said:


You really are a incredibly intelligent particular person!

# January 3, 2011 1:32 PM

Bradly Yonkoske said:

Please let me know if you are searching for a writer for your blog. You've some truly wonderful articles and I believe I could be a good asset. For those who ever desire to take a few of the load off, I'd completely enjoy to write some content for your weblog in exchange for a link back to mine. Please shoot me an e-mail if interested.

# June 29, 2011 10:36 AM

yrleu said:

A simpler solution:


private void LoginEmployees_Authenticate(object sender, System.Web.UI.WebControls.AuthenticateEventArgs e)


if (FormsAuthentication.Authenticate(LoginEmployees.UserName, LoginEmployees.Password))


// Valid login

e.Authenticated = true;




// Invalid login

e.Authenticated = false;




# March 7, 2012 1:55 AM

Romko said:

cool, simple and effective explanation. thanks!

# July 2, 2012 6:08 AM

Saurah Saxen said:

Nice blog its really help me ,

but how to authenticate it using database username and password.

# August 14, 2012 12:43 PM