Skip to main content

ASP.NET Authentication


What is Authentication?

Authenticating a user on a website means that you verify that this user is a valid user, that is, verifying who the user is using username/password or certificates, etc

Authentication knows the identity of the user

Authentication verifies who you are

Example: When you login to access some site then your logon credential (userid/password) identifies

There are three ways of doing authentication and authorization in ASP.NET

Windows based Authentication:

When you are providing access to the resources based on the network level login then it is called as “Windows based Authentication”.

The windows based authentication is applicable only towards private website of the organization i.e. intranet based implementation.

Credentials are stored in the Web server s local user database or an Active Directory 

domain. Once identified you can use the user s credentials to gain access to resources that are protected by Windows authorization 

Form based Authentication:

Using forms authentication we can decide certain users can access only certain pages or we can control the anonymous access, we can implement folder level access and roles.

When u want to provide access to the resources based on the credentials provided with custom login page then it is called as “Form Based Authentication

The custom login page will be designed by the developer and credentials can be verified with the database server.

When client makes a request to the webpage other than “Login.aspx”, the web server will respond with Login page. Once the user submits proper credentials, web server will respond with requested webpage along with security token.

The security token will be sent to the client system in the form of cookie. This will act as an identity for the user for sub sequent requests.

The form based authentication is applicable for the public website i.e. internet level implementation.


Passport Authentication:

Passport authentication identifies a user with using his or her e-mail address and a password and a single Passport account can be used with many different Web sites. Passport authentication is primarily used for public Web sites with thousands of users. 

Passport authentication is an authentication for collection of Websites, so it is called as “Single sign on Service”.

The major problem with this Authentication is users’ information will be under the control of Microsoft.

Passport authentication relies on a centralized service provided by Microsoft.







Labels:

Comments

Post a Comment

Popular posts from this blog

Connected and disconnected architecture in ADO.Net with Example

Connected Architecture of ADO.NET The architecture of ADO.net, in which connection must be opened to access the data retrieved from database is called as connected architecture. Connected architecture was built on the classes connection, command, datareader and transaction.  Connected architecture is when you constantly make trips to the database for any CRUD (Create, Read, Update and Delete) operation you wish to do. This creates more traffic to the database but is normally much faster as you should be doing smaller transactions. Disconnected Architecture in ADO.NET The architecture of ADO.net in which data retrieved from database can be accessed even when connection to database was closed is called as disconnected architecture. Disconnected architecture of ADO.net was built on classes connection, dataadapter, commandbuilder and dataset and dataview. Disconnected architecture is a method of retrieving a r...
37 comments
Read more

ASP.Net AJAX Interview Questions

What is Ajax? Ajax means " Asynchronous Javascript and XM L". Ajax represents a set of commonly used techniques, like HTML/XHTML, CSS, Document Object Model(DOM), XML/XSLT, Javascript and the XMLHttpRequest object, to create RIA's (Rich Internet Applications). ASP.NET AJAX update only a specified portion of data without refreshing the entire page. The ASP.NET AJAX works with the AJAX Library that uses object-oriented programming (OOP) to develop rich Web applications that communicate with the server using asynchronous postback. What are the different controls of ASP.NET AJAX? ASP.NET AJAX includes the following controls: ScriptManager ScriptManagerProxy UpdatePanel UpdateProgress Timer Describe the technology that makes up AJAX?   AJAX is based on the following web standards: XMLHttpRequest Object JavaScript HTML/DHTML DOM XML CSS What role does the ScriptManager play?   The ScriptManager manages all ASP.Net AJAX resour...
2 comments
Read more

HTTPHandler and HTTPModule in ASP.NET

If you want to implement pre-processing logic before a request hits the IIS resources. For instance you would like to apply security mechanism, URL rewriting, filter something in the request, etc. ASP.NET has provided two types of interception HttpModule and HttpHandler .   The web server examines the file name extension of the requested file, and determines which ISAPI extension should handle the request. Then the request is passed to the appropriate ISAPI extension.  For Example When an .aspx page is requested it is passed to ASP.Net page handler. Then Application domain is created and after that different ASP.Net objects like Httpcontext, HttpRequest, HttpResponse. HTTPModule: -    It's just like a filter. The Modules are called before and after the handler executes . -    HTTP Modules are objects which also participate the pipeline but they work before and after the HTTP Handler does its job, and produce additional serv...
124 comments
Read more