I am developing a site which uses FormsAuthentication. I am not using the built-in asp.net Membership feature. The <authentication mode is set to forms> in the web.config file. Roles are also defined in the Global.asax file. On the login page, this is code I use:
if (user is authenticated)
{
FormAuthenticationTicket t = New FormsAuthenticationTicket (...);
string hash = FormAuthentication.Encrypt (t);
HttpCookie myCookie = new HttpCookie (FormsAuthentication.FormsCookieName, hash);
Response.Cookies.Add (myCookie);
string url = Request.QueryString ["returnURL"];
Response.Redirect (url);
}
else
{
// display error message
}I just want to know if the above code is the correct way to use FormAuthentication. Please correct me if I am mistaken. Thanks...