It is the process that determines the identity of a user. Whenever a user logs
on to an application, the user is first authenticated and then authorized. It
is the process by which the system validates a user's logon information.
Authorization
Authorization determines whether a particular user should be granted access to a
specific resource or not. In other words, it is the process of granting
approval or permission on resources.
The ASP.NET Framework supports the following types of authentication:
Windows Authentication
.NET Passport Authentication
Forms Authentication
None
You can use these different authentication modes by applying the settings to the
application’s web.config file or in conjunction with the application server’s
Internet Information Services (IIS) instance. A web.config file is another
XML-based configuration file that resides in the root directory of the Web
application. The settings applied in the web.config file override the same
settings applied in the higher-level machine.config file. These XML-based files
enable you to easily change how ASP.NET behaves.
The <authentication> Node in web.config file
You can enable a particular type of authentication for an application in an
application’s root web configuration file.
Windows authentication is the default authentication mode in ASP.NET. It is
used together with IIS authentication, and it can be performed by IIS in the
following ways:
• Basic
• Digest
• Integrated Windows Authentication
Forms
The user provides his login information and submits the form. If the
information is correct, then the system issues a form that contains the
credentials or a key for getting the identit
Passport
A centralized authentication service provided by Microsoft that offers single
login and core profile services for member sites. MSN and Hotmail use
Passport authentication.
None
No authentication mode is applied.
Windows Authentication
Windows authentication is useful in an intranet environment (within the
organization). In a Windows-based authentication model, the requests go
directly to IIS, which performs the authentication.
Allowing a single user through the web.config file
In the example above, only the user named “CrrerRide” is allowed to use the
resource, and all other users are denied access.
The <allow> and <deny> nodes support the following attributes.
ATTRIBUTE    DESCRIPTION
Users        You can specify users by their domain and/or name.
Roles        Provides the role for groups that are allowed or denied access.
Verbs        It is the HTTP transmission method that is allowed or denied access.
Forms-Based Authentication
Forms-based authentication authenticates the user who wants to access an entire
application or specific resources within an application. It is based on cookies
where the user name and the password are stored either in a text file or the
database. After a user is authenticated, the user’s credentials are stored in a
cookie for use in that session.
Example:
Using forms-based authentication in your Web application is easy and simple.
The first step is to modify the web.config file in your application as given
below. The web configuration file contains a forms element that contains a
credentials element. The credentials element includes user names and
passwords. The question mark (?) symbol represents all anonymous users.
Step 2:
Create an ASP.NET page named Login.aspx.
Login.aspx has two simple TextBox controls and a Button control, named
txtUserName, txtPassword and btnLogin respectively. When you click the Login
button, the btnLogin_Click() method executes, and the
FormsAuthentication.Authenticate() method checks whether the user name and
password entered into the TextBox controls match a user name and password in
the web configuration file. If the user successfully authenticates, the
FormsAuthentication.RedirectFromLoginPage() method is called.
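// Code-behind for Login.aspx; requires "using System.Web.Security;".
protected void btnLogin_Click(object sender, EventArgs e)
{
    // Compare the submitted values with the credentials in web.config.
    if (FormsAuthentication.Authenticate(txtUserName.Text, txtPassword.Text))
        // true = issue a persistent authentication cookie, then redirect back.
        FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, true);
    else
        lblError.Text = "User name or password is wrong";
}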
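The web.config that the two steps above rely on is not shown on the page. The following is an added example of one, not the original author's file; the user name, the password placeholders and the cookie settings (name, timeout, requireSSL, slidingExpiration) are assumptions chosen here.

```xml
<?xml version="1.0"?>
<!-- Added example, not from the original page. The user name and the
     password values are constructed placeholders. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- loginUrl: page that unauthenticated requests are redirected to.
           protection="All": the ticket cookie is encrypted and validated.
           requireSSL="true": the cookie is only sent over HTTPS.
           timeout: ticket lifetime in minutes. -->
      <forms name=".ASPXAUTH" loginUrl="Login.aspx" protection="All"
             requireSSL="true" timeout="30" slidingExpiration="false">
        <!-- Weak form, shown for comparison only: passwordFormat="Clear"
             keeps readable passwords in the file.
             <credentials passwordFormat="Clear">
               <user name="user1" password="PLACEHOLDER-PASSWORD" />
             </credentials> -->
        <!-- Hashed form: the password attribute holds the hex digest, so
             the clear-text password never appears in web.config.
             FormsAuthentication.Authenticate() hashes the submitted
             password the same way before comparing. -->
        <credentials passwordFormat="SHA1">
          <user name="user1" password="PLACEHOLDER-SHA1-HEX-DIGEST" />
        </credentials>
      </forms>
    </authentication>
    <authorization>
      <!-- "?" = all anonymous users: denied, and sent to loginUrl. -->
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
```

From .NET Framework 4.5 onward, FormsAuthentication.Authenticate() is marked obsolete in favour of the Membership APIs. The hashes stored in the credentials element are unsalted, so this layout suits only small or test sites.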
Passport Authentication
It is a centralized service provided by Microsoft. Passport Authentication
allows users to create a single registration and get a user name and password
to access any site that has implemented the Passport Authentication service.
MSN and Hotmail use Passport authentication. If you have registered with MSN,
you can access Hotmail with the same user name and password without
registering with Hotmail.
Implementation of .NET Passport Authentication Service
Download the Microsoft .NET Passport SDK from the Microsoft Site.
Register your application in .NET Service Manager.
Get the SiteID and Application key after registering your application with .NET
Services Manager.