Wednesday, October 22, 2008

Form Authentication

Forms Authentication is a system in which unauthenticated requests are redirected to a Web form where users are required to provide their credentials. After the form is submitted and the credentials are verified by your application, your Web application issues an authorization ticket in the form of a cookie. This authorization cookie contains the user's credentials or a key for reacquiring the user's identity (i.e. it makes the identity persistent). In essence, Forms Authentication is a means of wrapping your Web application around your own login user interface and verification processes.

FORM AUTHENTICATION FLOW



1. A client generates a request for a protected resource (e.g. a secured page from your site).
2. IIS (Internet Information Server) receives the request. If the requesting client is authenticated by IIS, the user/client is passed on to the ASP.NET application.
3. If the client doesn't present a valid authentication ticket/cookie, ASP.NET will redirect the user to the URL specified in the loginUrl attribute in the authentication section of your web.config file.

HOW TO CONFIGURE WEB.CONFIG TO USE AUTHENTICATION



<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name=".COOKIEDEMO"
             loginUrl="login.aspx"
             protection="All"
             timeout="30"
             path="/"/>
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>

There are five attributes involved in form authentication:
>> NAME
>> LOGIN URL
>> PROTECTION
>> TIMEOUT
>> PATH
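
As an added example (not part of the original post), this Python check reads a web.config like the one above and reports forms-authentication settings that weaken the ticket cookie. `requireSSL` is a real attribute of the forms element that the post's configuration does not set; the sample config, the function name and the 60-minute limit are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's web.config with protection and
# authorization weakened so the audit has something to report.
WEAK_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name=".COOKIEDEMO" loginUrl="login.aspx"
             protection="Validation" timeout="30" path="/"/>
    </authentication>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</configuration>"""

MAX_TIMEOUT_MINUTES = 60  # assumed policy limit, not an ASP.NET default


def audit_forms_auth(config_xml):
    """Return a list of findings for the forms-authentication settings."""
    findings = []
    web = ET.fromstring(config_xml).find("system.web")
    auth = web.find("authentication") if web is not None else None
    if auth is None or auth.get("mode") != "Forms":
        return ["authentication mode is not Forms"]
    forms = auth.find("forms")
    attrs = forms.attrib if forms is not None else {}
    # protection="All" both encrypts and validates the ticket cookie.
    if attrs.get("protection", "All") != "All":
        findings.append("protection is not All")
    # requireSSL defaults to false, so the cookie may travel over plain HTTP.
    if attrs.get("requireSSL", "false").lower() != "true":
        findings.append("requireSSL is not true")
    # timeout is in minutes; 30 is the value used when it is omitted.
    if int(attrs.get("timeout", "30")) > MAX_TIMEOUT_MINUTES:
        findings.append("timeout exceeds policy limit")
    # Without <deny users="?"/> anonymous requests are not sent to loginUrl.
    denies = [d.get("users", "") for d in web.findall("authorization/deny")]
    if not any("?" in users.split(",") for users in denies):
        findings.append("anonymous users are not denied")
    return findings


if __name__ == "__main__":
    for finding in audit_forms_auth(WEAK_CONFIG):
        print(finding)
```
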
