Security Controls
With the large amount of business being done on the web, security
is vitally important for protecting not only confidential
information such as credit card numbers, but also users’ personal
details and preferences. Thus, most of the web applications require
the capability to authenticate users on their web sites. Although
this was easy to do in ASP.NET 1.x, you still had to write code.
With ASP.NET 2.0, things have changed for the better. For
security-related functionalities, ASP.NET 2.0 introduces a wide
range of new controls:
- <asp:Login>: Provides a standard
login capability that allows the users to enter their credentials
- <asp:LoginName>: Allows you to
display the name of the logged-in user
- <asp:LoginStatus>: Displays whether
the user is authenticated or not
- <asp:LoginView>: Provides various
login views depending on the selected template
- <asp:PasswordRecovery>: Provides the web site
administrators with the capability to email the users their lost
password
The login controls described here abstract most of the common
tasks for which developers have to manually write code for a secured
web site. Although this could be achieved in ASP.NET 1.x, you still
had to add controls manually and write code. Apart from providing
the user interface, ASP.NET 2.0 also provides the capability to
retrieve and validate user information using Membership
functionality. To this end, ASP.NET ships with a new Membership API,
the aim of which is to abstract the required membership
functionality from the storage of the member information.
More Related links
This articles describes the navigation ways
available in ASP.NET.
This includes introduction of .Net framework, .Net framework
architecture, role of assembly and GAC.
This includes caching mechanism in ASP.NET, its advantages and
types.
Here you have details about session state, its modes and
advantages and disadvantages of using session state management in
ASP.NET.
Security is one of the most important elements of an application.
The word "security" covers two concepts: Authentication is the
verifi cation's process of a principal's identity; a principal is
typically a user. A principal in order to be authenticated provides
a credential that is the password. Authorization, on the other hand,
is the process of granting authorities, which are usually roles, to
an authenticated user...........
Custom authentication needs installation of ISAPI filter in
IIS.........
If windows authentication mode is selected for an ASP.NET
application, then authentication also needs to be configured within
IIS since it is provided by IIS............
Passport authentication provides authentication using Microsoft’s
passport service............
|
