Implementing Forms Authentication in ASP.NET
The Microsoft ASP.NET framework provides a rich collection of tools. The trick is figuring out how they work together to customize your authentication system.

ASP.NET allows four different types of authentication: Forms, Windows, Passport, and None. When you implement forms authentication, you can protect every page within a specified directory. This allows you to grant access to authenticated users only. You specify the type of authentication an application uses in the web.config file (contained in the code download).

The web.config file (see Listing 1) contains a nested hierarchy of XML tags and subtags with attributes that specify the configuration settings. The most relevant set of elements are the following:

<system.web>
   <authentication>
      <forms>

and:

<location>
   <system.web>
      <authorization>
         <allow>
         <deny>

The loginUrl attribute in the <forms> tag in the web.config file specifies the redirect URL for the page when an unauthenticated user attempts to access a restricted page. The unauthenticated user enters his or her credentials on this login page. Listing 2 contains the login.aspx file with comments.

At this point, we move from explaining ASP.NET concepts alone and enter the world of Dreamweaver MX. Dreamweaver MX allows you certain capabilities, such as accessing database data with intuitive tag-based language rather than less familiar, traditional programmatic language.