HOW TO: Use Mobile Forms Authentication with Microsoft Mobile Internet Toolkit (311568)


The information in this article applies to:

  • Microsoft Mobile Internet Toolkit (MMIT)
This article was previously published under Q311568

IN THIS TASK

SUMMARY

This article describes how to use mobile forms authentication with Microsoft Mobile Internet Toolkit (MMIT).

back to the top

Requirements

The following list outlines the recommended hardware, software, network infrastructure, and service packs that are required:
  • Microsoft Mobile Internet Toolkit 1.0
NOTE: To download Microsoft Mobile Internet Toolkit 1.0, visit the following Microsoft Web site:

Microsoft Mobile Internet Toolkit 1.0
http://msdn.microsoft.com/downloads/default.asp?url=/downloads/sample.asp?url=/msdn-files/027/001/817/msdncompositedoc.xml

back to the top

Description of Mobile Forms Authentication

MMIT supports the same authentication methods that Microsoft ASP.NET provides:
  • Forms
  • None
  • Passport
  • Windows
Mobile forms authentication works in conjunction with forms authentication from ASP.NET. To authenticate a user, you can authenticate against the <credentials> section of the Web.config file, or you can provide custom authentication.

Mobile forms authentication is different from forms authentication in that forms authentication works off of an HTTP redirect and an authentication cookie. Because not all mobile devices support redirects with cookies, mobile forms authentication puts the authentication information in the QueryString property instead of a cookie.

When you use mobile forms authentication, after you perform custom authentication and set the authentication cookie, call the MobileFormsAuthentication.RedirectFromLoginPage method instead of the FormsAuthentication.RedirectFromLoginPage method. If the browser on the device that you are using does not support a redirect with a cookie, mobile forms authentication removes the cookie from the HttpResponse.Cookies collection and puts the authentication information as a variable in the QueryString property.

When you want the user to re-authenticate, use the MobileFormsAuthentication.SignOut method instead of the FormsAuthentication.SignOut method. MobileFormsAuthentication.SignOut calls FormsAuthentication.SignOut internally and sets the MobilePage.Adapter.PersistCookielessData property to false. When this property is set to true, each link that is generated for the page adds the authentication information to the URL as a QueryString variable. When this property is set to false, no authentication information is added to the URL.

back to the top

Create the Sample Code to Perform Mobile Forms Authentication

  1. Follow these steps to create a new Visual C# Mobile Web Application project:
    1. Start Microsoft Visual Studio .NET.
    2. On the File menu, point to New, and then click Project.
    3. Click Visual C# Projects under Project Types, and then click Mobile Web Application under Templates.
  2. Add the following code to the Web.config file:
       <authentication mode="Forms">
      <forms loginUrl="login.aspx" name="nameOfAuthCookie" timeout="60" path="/" >
         <credentials passwordFormat="Clear">
            <user name="username" password="password"/>
         </credentials>
      </forms>
   </authentication>
   <authorization>
	<deny users="?" />
   </authorization>
  3. Follow these steps to add a Mobile Web Form to the project:
    1. On the Project menu, click Add New Item.
    2. Click Mobile Web Form under Templates.
    3. Type Login.aspx in the Name box.
  4. Add the following controls from the Mobile Controls section of the toolbox to the page:
    Control TypeControl NameControl Text
    LabelLabel1(default)Type User Name
    TextBoxtxtUserName
    LabelLabel2(default)Type Password
    TextBoxtxtPassword
    CommandcmdLoginLog On
    LabellblError

  5. Double-click Log On to open the Click event of the Button control and to open the code-behind page.
  6. Add the following code to the code-behind page:
    private void cmdLogin_Click(Object sender, EventArgs e)
   {
      if(IsAuthenticated(txtUsername.Text, txtPassword.Text))
      {
       MobileFormsAuthentication.RedirectFromLoginPage(txtPassword.Text,true);
      }
      else
      {
         lblError.Text = "Check your credentials";
      }
   }

private bool IsAuthenticated(String user, String password)
{//Check the values against forms authentication store.

   if(FormsAuthentication.Authenticate(user, password))
   {
      return true;
   }
   else
   {
      return false;
    }
}
  7. Add the following using statement to the "using" section of the code-behind page:
    using System.Web.Security;
  8. Follow these steps to add another Mobile Web Form to the project:
    1. On the Project menu, click Add New Item.
    2. Click Mobile Web Form under Templates.
    3. Type Page1.aspx in the Name box.
  9. Add a Label control to the page, and then change the text of the Label control to Authenticated!.
  10. Compile the application, and then open the Page1.aspx page in your browser. Notice that you are redirected to the Login.aspx page, where you must log on. After you are successfully logged on, you are then redirected to Page1.aspx.
back to the top

REFERENCES

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

311495 HOW TO: Implement Role-Based Security with Forms-Based Authentication in Your ASP.NET Application by Using Visual C# .NET

306238 HOW TO: Implement Role-Based Security with Forms-Based Authentication in Your ASP.NET Application by Using Visual Basic .NET

For more information, visit the following Microsoft Web site:

.NET Passport Integration with the Microsoft Mobile Internet Toolkit
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnmitta/html/mmitpassport.asp

back to the top
Modification Type:MajorLast Reviewed:10/27/2002
Keywords:kbDSupport kbhowto kbHOWTOmaster kbHTMLDevice kbSecurity kbWMLDevice KB311568 kbAudDeveloper
©2002 Microsoft Corporation. All rights reserved.