When Active Directory is not available, the login method MSDN recommends is Forms Authentication, set as the security mode in your web.config file. Use the following general code with ASP.NET Membership and SQL Server:
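/// <summary>
/// Handles the login button click: checks the submitted credentials with
/// ASP.NET Membership and, when they are valid, issues a Forms Authentication
/// ticket cookie and redirects back to the original URL.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
private void Login_Click(Object sender, EventArgs e)
{
    string username = UserName.Text; //use this if you're using membership
    string password = UserPassTextBox.Text; //use this if you're using membership

    // true to create a durable cookie (one that is saved across browser sessions); otherwise, false.
    // NOTE(review): hard-coded; on shared machines a durable authentication cookie is usually
    // something the user should opt into (e.g. a "remember me" checkbox).
    bool isPersistent = true;

    if (!Membership.ValidateUser(username, password))
    {
        // One message for both "unknown user" and "wrong password", so the
        // response does not reveal which account names exist.
        Msg.Text = "Login failed. Please check your user name and password and try again.";
        return;
    }

    // Create a custom FormsAuthenticationTicket containing
    // application specific data for the user.
    string userData = "ApplicationSpecific data for this user.";

    // Read the clock once so the issue time and the expiry are derived from the same instant.
    DateTime issuedAt = DateTime.Now;
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1,
        username,
        issuedAt,
        issuedAt.AddMinutes(30),
        isPersistent,
        userData,
        FormsAuthentication.FormsCookiePath);

    // Encrypt the ticket.
    string encTicket = FormsAuthentication.Encrypt(ticket);

    // Create the cookie. A hand-built HttpCookie does not pick up the <forms>
    // settings on its own, so the protective attributes are set explicitly.
    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);

    // Keep the ticket out of reach of client-side script.
    authCookie.HttpOnly = true;

    // Follow the requireSSL setting of the <forms> element; when that is "true"
    // the browser only sends the cookie over HTTPS.
    authCookie.Secure = FormsAuthentication.RequireSSL;

    // Same path the ticket was issued for.
    authCookie.Path = FormsAuthentication.FormsCookiePath;

    if (isPersistent)
    {
        // Without an Expires value the browser treats this as a session cookie,
        // which contradicts the persistent flag stored in the ticket. The cookie
        // never outlives the ticket it carries.
        authCookie.Expires = ticket.Expiration;
    }

    Response.Cookies.Add(authCookie);

    // Redirect back to original URL.
    Response.Redirect(FormsAuthentication.GetRedirectUrl(username, isPersistent));
}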
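In the web.config, inside the <authentication mode="Forms"> element (the cookie name could be any name; with requireSSL="false" the authentication cookie is also sent over plain HTTP, so set it to "true" when the site is served over HTTPS):
<forms name=".ASPXAUTH"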
loginUrl="login.aspx"
defaultUrl="default.aspx"
protection="All"
timeout="30"
path="/"
requireSSL="false"
slidingExpiration="true"
cookieless="UseDeviceProfile"
domain=""
enableCrossAppRedirects="false">
All of the above is explained in the MSDN Forms Authentication documentation.
The Forms authentication setup shown above lets you restrict folder access in web.config and check IsAuthorized before a user can go to a new URL in your application.