HOW TO: Use Mobile Forms Authentication with Microsoft Mobile Internet Toolkit

This article describes how to use mobile forms authentication with Microsoft Mobile Internet Toolkit (MMIT).

Requirements

The following list outlines the recommended hardware, software, network infrastructure, and service packs that are required:

• Microsoft Mobile Internet Toolkit 1.0

NOTE: To download Microsoft Mobile Internet Toolkit 1.0, visit the following Microsoft Web site:

Description of Mobile Forms Authentication

MMIT supports the same authentication methods that Microsoft ASP.NET provides:

• Forms
• None
• Passport
• Windows

Mobile forms authentication works in conjunction with forms authentication from ASP.NET. To authenticate a user, you can authenticate against the <credentials> section of the Web.config file, or you can provide custom authentication.

Mobile forms authentication is different from forms authentication in that forms authentication works off of an HTTP redirect and an authentication cookie. Because not all mobile devices support redirects with cookies, mobile forms authentication puts the authentication information in the QueryString property instead of a cookie.

When you use mobile forms authentication, after you perform custom authentication and set the authentication cookie, call the MobileFormsAuthentication.RedirectFromLoginPage method instead of the FormsAuthentication.RedirectFromLoginPage method. If the browser on the device that you are using does not support a redirect with a cookie, mobile forms authentication removes the cookie from the HttpResponse.Cookies collection and puts the authentication information as a variable in the QueryString property.

When you want the user to re-authenticate, use the MobileFormsAuthentication.SignOut method instead of the FormsAuthentication.SignOut method. MobileFormsAuthentication.SignOut calls FormsAuthentication.SignOut internally and sets the MobilePage.Adapter.PersistCookielessData property to false. When this property is set to true, each link that is generated for the page adds the authentication information to the URL as a QueryString variable. When this property is set to false, no authentication information is added to the URL.

Create the Sample Code to Perform Mobile Forms Authentication

1. Follow these steps to create a new Visual C# Mobile Web Application project:
   1. Start Microsoft Visual Studio .NET.
   2. On the File menu, point to New, and then click Project.
   3. Click Visual C# Projects under Project Types, and then click Mobile Web Application under Templates.
2. Add the following code to the Web.config file:

      <authentication mode="Forms">
         <forms loginUrl="login.aspx" name="nameOfAuthCookie" timeout="60" path="/" >
            <credentials passwordFormat="Clear">
               <user name="username" password="password"/>
            </credentials>
         </forms>
      </authentication>
      <authorization>
   	<deny users="?" />
      </authorization>
       
   					

3. Follow these steps to add a Mobile Web Form to the project:
   1. On the Project menu, click Add New Item.
   2. Click Mobile Web Form under Templates.
   3. Type Login.aspx in the Name box.
4. Add the following controls from the Mobile Controls section of the toolbox to the page:
   Collapse this tableExpand this table

   Control Type	Control Name	Control Text
   Label	Label1(default)	Type User Name
   TextBox	txtUserName
   Label	Label2(default)	Type Password
   TextBox	txtPassword
   Command	cmdLogin	Log On
   Label	lblError

   
   
5. Double-click Log On to open the Click event of the Button control and to open the code-behind page.
6. Add the following code to the code-behind page:

   private void cmdLogin_Click(Object sender, EventArgs e)
      {
         if(IsAuthenticated(txtUsername.Text, txtPassword.Text))
         {
          MobileFormsAuthentication.RedirectFromLoginPage(txtPassword.Text,true);
         }
         else
         {
            lblError.Text = "Check your credentials";
         }
      }
   
   private bool IsAuthenticated(String user, String password)
   {//Check the values against forms authentication store.
   
      if(FormsAuthentication.Authenticate(user, password))
      {
         return true;
      }
      else
      {
         return false;
       }
   }
   					

7. Add the following using statement to the "using" section of the code-behind page:

   using System.Web.Security;
   					

8. Follow these steps to add another Mobile Web Form to the project:
   1. On the Project menu, click Add New Item.
   2. Click Mobile Web Form under Templates.
   3. Type Page1.aspx in the Name box.
9. Add a Label control to the page, and then change the text of the Label control to Authenticated!.
10. Compile the application, and then open the Page1.aspx page in your browser. Notice that you are redirected to the Login.aspx page, where you must log on. After you are successfully logged on, you are then redirected to Page1.aspx.

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base: For more information, visit the following Microsoft Web site: