Home/ Questions/Q 850789
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T07:19:22+00:00

I have created a site in ASP.NET 3.5 & I have only 2 or

  • 0

I have created a site in ASP.NET 3.5 & I have only 2 or 3 user login IDs who can login to the website.

What would be the best way to save these login details? Which of these approaches, or others, would be most suitable?

  1. Using Forms Authentication, and saving credentials (username and password) in web.config
  2. to create a text file in directory and modify it

Which approach is best from a security and maintenance perspective? What other approaches are suitable for a login system for ASP.NET?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Do you already have a database? If so, use forms authentication and ASP.NET membership like everyone says. It is real simple to integrate into your current database (assuming it’s sql server – i don’t know about others). I realize adding a DB for 2 or 3 users isn’t always an option due to budget or whatever so you can use forms authentication and store the user in the web.config. I’ve done this in the past and it is very simple.

    Your web.config will look like:

    <authentication mode="Forms">
    <forms loginUrl="Login.aspx">
        <credentials passwordFormat="Clear">
            <user name="myUser" password="password" />
        </credentials>
    </forms>
</authentication>

    Then you can use the built in login controls. If you do it this way you need to implement the Autenticate event.

        protected void Login1_Authenticate(object sender, System.Web.UI.WebControls.AuthenticateEventArgs e)
    {
        string UserName = Login1.UserName;
        string Password = Login1.Password;

        if (FormsAuthentication.Authenticate(UserName, Password))
        {
            e.Authenticated = true;
        }
        else
        {
            e.Authenticated = false;
        }
    }

    Of course this isn’t the most secure way to go about this, and you’ll probably want to at least look at encrypting the credentials in the web.config, but it is simple and works when a database isn’t an option.

    • 0