ASP.NET Authentication and Authorization

Define Authentication and Authorization.

Authentication is the process of verifying user's identity. Authorization is the process of granting privilege to authenticated user. The user is validated using authenticated process and then the authorization process identifies if the user has access to a given resource. In ASP.NET, you can authenticate user in code or allow the user to be authenticated by other party such as MS Passport. You have two layer of authentication in ASP.NET i.e. IIS layer and ASP.net authentication process layer. IIS performs authentication if it is configured to do so. By default, IIS allows anonymous access which means all the users are authenticated. All the requests pass through IIS layer and then to ASP.NET authentication process. If any user requests IIS layer for anonymous access, the user is treated as authenticated and pass to ASP.NET process. ASP.NET checks if impersonation is enabled in the web configuaration file i.e. web.config file. If impersonation is enabled, ASP.net acts as though it were the authenticated user otherwise it process with its own configured account.
To enable the application to authenticate users,
you need to add <deny users = "?"> element in the authorization section of Web.config.
Authentication mode available in ASP.NET
ASP.NET - What is the authentication mode available in ASP.NET? - ASP.NET supports three authentication modes through the System.Web.Security namespace.......
Authentication mode in the ASP.NET application
ASP.NET - How do you set authentication mode in the ASP.NET application? - You can set authentication mode using web.config file....
ASP.NET windows authentication and form authentication
ASP.NET windows authentication and form authentication - Windows authentication uses windows account whereas form authentication maintains its own user list..
Post your comment
Discussion Board
comment
very very useful information
charumathi 04-9-2012