The FormsAuthenticationModule is the most important part of the forms authentication framework. The module is an HttpModule class that detects existing forms authentication tickets in the request. If the ticket is not available and the user requests a protected resource, it automatically redirects the request to the login page configured in your web.config file before this protected resource is even touched by the runtime.

If the ticket is present, the module automatically creates the security context by initializing the HttpContext.Current.User property with a default instance of GenericPrincipal, which contains a FormsIdentity instance with the name of the currently logged-in user. You don’t work with the module directly and for that reason your interface to the module consists of the classes described in the next table, which are part of the System.Web.Security namespace.


Class name



This primary class, for interacting with the forms authentication infrastructure, provides basic information about the configuration. You can use it to create the ticket, set the cookie, and redirect from the login page to the originally requested page if the validation of credentials was successful.


The FormsAuthenticationModule raises an Authenticate event that you can catch. The event arguments passed are encapsulated in an instance of this class. It contains basic information about the authenticated user.


This class represents the user information that will be encrypted and stored in the authentication cookie.


This class is an implementation of IIdentity that is specific to forms authentication. The key addition to the FormsIdentity class,  in addition to the members required when implementing the IIdentity interface, is the Ticket property, which exposes the forms authentication ticket. This allows you to store and retrieve additional information in the ticket, such as caching role information for simple scenarios.


This is the core of the forms authentication infrastructure that establishes the security context and performs the automatic page redirects to the login page if necessary.


Mostly you will use the FormsAuthentication class and the FormsIdentity class, which represents a successfully authenticated user in your application. Next you will learn how to use forms authentication in your application.