
ASP.NET Authentication


What is Authentication?

Authenticating a user on a website means verifying that the user is a valid user, that is, verifying who the user is by means of a username/password, certificates, etc.

Authentication establishes the identity of the user.

Authentication verifies who you are.

Example: When you log in to access some site, your logon credential (userid/password) identifies

There are three ways of doing authentication and authorization in ASP.NET:

Windows based Authentication:

When you provide access to resources based on the network-level login, it is called “Windows based Authentication”.

Windows based authentication is applicable only to the private website of an organization, i.e. an intranet-based implementation.

Credentials are stored in the Web server's local user database or an Active Directory domain. Once identified, you can use the user's credentials to gain access to resources that are protected by Windows authorization.
 

Form based Authentication:

Using forms authentication, we can decide that certain users can access only certain pages, control anonymous access, and implement folder-level access and roles.

When you want to provide access to resources based on credentials supplied through a custom login page, it is called “Form Based Authentication”.

The custom login page is designed by the developer, and the credentials can be verified against the database server.

When a client makes a request for a webpage other than “Login.aspx”, the web server responds with the login page. Once the user submits proper credentials, the web server responds with the requested webpage along with a security token.

The security token is sent to the client system in the form of a cookie. It acts as the identity of the user for subsequent requests.

Form based authentication is applicable to public websites, i.e. internet-level implementations.
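The behaviour described above is driven by web.config. The following fragment is an added example, not part of the original post; the folder names `Public` and `Admin`, the role name `Administrators` and the timeout value are assumptions chosen for illustration.

```xml
<configuration>
  <system.web>
    <!-- Switch the application to forms authentication. Unauthenticated
         requests are redirected to the custom login page. -->
    <authentication mode="Forms">
      <forms name=".ASPXAUTH"
             loginUrl="~/Login.aspx"
             protection="All"
             requireSSL="true"
             cookieless="UseCookies"
             timeout="20"
             slidingExpiration="true" />
      <!-- protection="All": the ticket in the cookie is encrypted and validated.
           requireSSL="true": the cookie is only sent over HTTPS.
           cookieless="UseCookies": the ticket never travels in the URL. -->
    </authentication>

    <!-- Site-wide default: "?" means anonymous users, so every page
         except the login page requires a valid ticket. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Folder-level access: anyone may read the (assumed) Public folder. -->
  <location path="Public">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Role-based access: only the (assumed) Administrators role may reach
       the Admin folder. Rules are evaluated top to bottom and the first
       match wins, so the allow rule must come before the deny rule. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Leaving `requireSSL` at its default of `false` lets the authentication cookie travel over plain HTTP, where anyone who captures it can replay it as the user's identity until the ticket expires.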


Passport Authentication:

Passport authentication identifies a user by his or her e-mail address and a password, and a single Passport account can be used with many different Web sites. Passport authentication is primarily used for public Web sites with thousands of users.

Passport authentication is authentication for a collection of Web sites, so it is called a “Single Sign-On Service”.

The major problem with this authentication is that users’ information is under the control of Microsoft.

Passport authentication relies on a centralized service provided by Microsoft.






