This module, when loaded through the web.config file (<authentication mode="Forms">), provides Forms-based authentication. In this model, the ASP.NET framework uses a special authentication cookie. If it is not present, users are redirected to a custom ASP.NET page where they can acquire the cookie once they log in successfully. If the cookie is present, ASP.NET fires the Authenticate event, places identity information in the System.Web.HttpContext.User property, and allows access. You can react to this event by creating an event handler called FormsAuthentication_OnAuthenticate in the global.asax file.

Several additional settings, including the URL for the login page and the length of time before the cookie expires, can be set in the web.config file. The actual authentication for the user is performed in the custom code you create for the login page. This code uses the helper methods in the FormsAuthentication class to authenticate the user and assign the Forms authentication cookie.

public sealed class FormsAuthenticationModule : System.Web.IHttpModule {
// Public Constructors
   public FormsAuthenticationModule( );
// Public Instance Methods
   public void Dispose( );                           // implements System.Web.IHttpModule
   public void Init(System.Web.HttpApplication app); // implements System.Web.IHttpModule
// Events
   public event FormsAuthenticationEventHandler Authenticate;
}