Authentication in ASP.Net

Authentication is a mechanism which detects if a user trying to access the site or resource is a valid user or not. There are lot of misinterpretations about terms Authentication and Authorization.

Authorization on the other hand is a process followed by successful authentication, which checks if the current user is having rights to access the resource.

Different modes of Authentication in ASP.Net
- None
- Windows
- Forms
- Passport

Where to set Authentication mode ?
The authentication mode can be set in a web.config file of your web application. In web.config file, under System.Web section,
we can specify Authentication mode as,

    <authentication mode="Windows" />

Authentications Modes in details

None - This is the most flexible mode provided for Authentication. You can use this setting if you don't want
to authenticate any user at all or you want to implement your own authentication mechanism. Custom authentication can be implemented using an ISAPI filters from IIS.

Passport - It is a central mechanism provided by Microsoft which allows single sign on with multiple sites mechanism. All member sites using passport mechanism are provided with a key which is used in single sign on mechanism across multiple domains.

Windows - It relies upon IIS for authenticating a user. With this settings, windows accounts are checked for authentication against user trying to log into the system. When IIS authenticates a user, it creates a security token and passes it to ASP.Net. ASP.Net then creates an WindowsPrincipal object and attaches it to the application context.

Forms - This mechanism allows your application to collect user credentials right from HTML forms. When a user submits the login credentials,
application code checks for user authentication. If it succeeds, it issues a cookie for the respective client. This cookies is then used for
subsequent requests from the respective client. If the cookie is not found, user is redirected to a log on page.

No comments:

Post a Comment


.net .Net Instrumentation logging .net localization Agile amazon amazon elasticache amazon services AppDomain Application Domain architecture asp ASP.Net authentication authentication mechanisms Byte order mark c# cache cdata certifications class classic mode cloud cloud computing cluster code-behind Combobox compilation Configuration providers configurations connection connectionString constructors control controls contructor CSV CTS .net types conversion database DataGridView DataSource DataTable DataType DBML delegates design pattern dispose double encoding Entity framework Events exception handling expiry fault contracts fault exceptions function pointers functions generics help HostingEnvironmentException IIS inner join instance management integrated mode javascript join left outer join LINQ LINQ join LINQ to SQL memory leak methods microsoft modes in IIS MSIL multiple catch blocks no primary key Nullable Osmos Osmotic Osmotic communication Osmotic communications page events page life cycle partial class PMI preserve precision points private contructor ProcessExit Project management properties property protect connectionString providerName providers query regular expression repository Responsive Web Design return type run-time RWD Saas self join session session expiry sessions singelton singleton pattern software as a service source control system SQLMetal string toolstrip ToolStrip controls ToolStripControlHost tortoise SVN ToString() try catch finally update wcf web application web design web site web.config where-clause xml