Forms authentication

Introduction

This section provides an introduction to the forms authentication model in EPiServer. The default forms authentication system uses the default membership and role system in ASP.NET. Configuration of membership and role providers is done in web.config file for the website. The EPiServer sample sites have a number of predefined users, groups and roles, both for managing editorial content as well as for administering the e-commerce tasks.

Terminology

Authentication is used by the system to identify users and user groups. These are some common terms used in this context:

• Authentication. The process of identifying a user. The usual way of doing this is with a username and a password.
• Provider. A module that is called by ASP.NET to provide an underlying service.
• Membership provider. The module that handles authentication in the security model in ASP.NET.
• Role provider. The module that gives the base data for authorization in the new security model in ASP.NET.
• Profile provider. The module that stores and retrieves personalized data in ASP.NET.

To configure forms authenication you must set the authentication type in the system.web section of the web.config like bleow

<authentication mode="Forms">
      <forms name=".EPiServerLogin" loginUrl="Util/login.aspx" timeout="4320" defaultUrl="~/" />
    </authentication>

See also

• Refer to Configuring membership providers for more information on membership provider configurations.