Web Forms Page Life Cycle

The Life Cycle of a Web Forms Page
Round Trips
Most Web pages require processing on the server.When a user selects his product and hits the submit button the page must check on the server to see whether the selected product is available or not. This kind of functionality is achieved by handling server control events. Whenever a user interaction requires processing on the server, the Web page is posted back to the server, processed and is returned back to the browser. This sequence is called round trip. The image below demonstrates server round trip.
In any Web scenario, Web pages are recreated with every round trip. When the server finishes processing and sends the page to the browser, it discards the page information. This frees server resources after each request and a Web application can scale to support hundreds or thousands of simultaneous users. The next time the page is posted, the server starts over in creating and processing it, and for this reason, Web pages are said to be stateless. Stateless means the values of a page's variables and controls are not saved on the server.


ASP.NET works around the above said limitations in the following ways:

* ASP.NET saves page and control properties between round trips. This is referred to as saving the view state of the control.
* It provides state management facilities so that you can save your own variable and application-specific or session-specific information between round trips.
* It can detect when a form is requested for the first time versus when the form is posted, and allows you to program accordingly. You may want a different behavior during a page postback versus an initial request.
Stages in Web Forms Processing

Stage	Means	Use
Page Initialization	The page's Page_Init event is raised, and the page and control view state are restored.	During this event, the ASP.NET page framework restores the control properties and postback data.
User Code Initialization	The page's Page_Load event is raised.	Read and restore values stored previously, Using the Page.IsPostBack property, check whether this is the first time the page is being processed. If this is the first time the page is being processed then perform initial data binding. Otherwise, restore control values. Read and update control properties.
Validation	The Validate method of any validator Web server controls is invoked to perform the control's specified validation.	Test the outcome of validation in an event handler
Event Handling	If the page was called in response to a form event, the corresponding event handler in the page is called during this stage	Perform application-specific processing and handle the specific event raised.
Cleanup	The Page_Unload event is called because the page has finished rendering and is ready to be discarded.	Perform final cleanup work. Close files, closing database connections and discard objects.

Form Authtentication

Forms Authentication is a system in which unauthenticated requests are redirected to a Web form where users are required to provide their credentials. Upon submitting the form, and being properly verified by your application, an authorization ticket is issued by your Web application in the form of a cookie. This authorization cookie contains the user's credentials or a key for reacquiring the user's identity (e.g. therefore making the identity persistent). In essence, Forms Authentication is a means for wrapping your Web application around your own login user interface and verification processes.

FORM AUTHENTICATION FLOW

1. A client generates a request for a
protected resource (e.g. a secured page from your site).
2.IIS (Internet Information
Server) receives the request. If the requesting client is authenticated by
IIS, the user/client is passed on to the ASP.NET application.
3. If the client doesn't contain a valid authentication ticket/cookie, ASP.NET will redirect the user to the URL specified in the loginURL attribute of the Authentication tag in your web.config file.

how to configure web.config to use Authentication

<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name=".COOKIEDEMO" 
             loginUrl="login.aspx" 
             protection="All" 
             timeout="30" 
             path="/"/> 
    </authentication>
    <authorization>

      <deny users="?" />
    </authorization>
  </system.web>
</configuration>

There are five attributes which are involved in form authentication
>>NAME
>>LOGIN URL
>>PROTECTION
>>TIMEOUT
>>PATH..

ASP.NET Forms Authentication

ASP.NET has two authentication models.

One of the key improvements granted by the ASP.NET integration in IIS 7.0 is a unified authentication model. Instead of the two-stage model in previous versions of IIS, where IIS executed its own authentication methods before ASP.NET processing began, in Integrated mode IIS and ASP.NET authentication modules participate in a single authentication process as equals. With this, it becomes very easy to write custom authentication methods using .NET (that previously required ISAPI filters and C++ code), and use these solutions in a way that integrates seamlessly into the IIS security model.