Edit Forms Authentication Settings (IIS 7)

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

Forms authentication lets users log on by using identities from an ASP.NET membership database. This authentication method uses redirection to an HTML logon page to confirm the identity of the user. You can configure Forms authentication at the site or application levels.

Forms authentication is convenient for the following reasons:

  • It allows either a custom data store, such as a SQL server database, or Active Directory to be used for authentication.

  • It integrates easily with a Web user interface.

  • Clients can use any browser.

If you want to use membership roles for authorization, you must use Forms authentication or a similar custom authentication method.


Editing a configuration setting changes the setting at the local level and for any child levels that inherit the setting.


Credentials are passed as clear text, so that you have to configure SSL for the logon page and any other pages that require an authentication cookie to be sent across the network.


If you select Forms authentication, you cannot use any of the challenge-based authentication methods at the same time.


For information about the levels at which you can perform these procedures, and the modules, handlers, and permissions that are required to perform these procedures, see Authentication Feature Requirements (IIS 7).


This task includes the following procedures:

Specify the Login URL for Forms Authentication (IIS 7)

Specify the Authentication Time-out for Forms Authentication (IIS 7)

See Also


Configuring .NET Roles in IIS 7