5.3.09

Authentication in ASP.NET

The .NET Framework uses role-based security and code-based security mechanisms for protecting resources and code from unauthorized use.

· Role-based security
· Code-based security

Both are part of the Core Security Concepts in .NET.

The common language runtime (CLR) and .NET Framework provide many useful classes and services that enable developers to easily write secure code and system administrators to customize access to protected resources. These classes and services implement the basic underlying security concepts, including:
· Principals
· Permissions
· Security policies
· Authentication
· Authorization

ASP.NET authentication methods contain the code that is necessary to authenticate the user’s credentials. ASP.NET supports three types of authentication methods. These are:
1. Windows-based authentication
2. Forms-based authentication
3. Microsoft Passport authentication

1. With Windows-based authentication, the ASP.NET Web application relies on the Windows operating system to authenticate the user. ASP.NET uses Windows-based authentication in conjunction with IIS authentication.
With Windows-based authentication, the user requests a secure Web page from the Web application, and the request then goes through IIS. If the user’s credentials do not match those of an authorized user, IIS rejects the request. The user then has to enter his or her name and password into the logon form. The credentials are again verified by IIS. If correct, IIS directs the original request to the Web application. The secure Web page is then returned to the user.

2. Forms-based authentication refers to a system where non-authenticated requests are redirected to a Hypertext Markup Language (HTML) form by using Hypertext Transfer Protocol (HTTP) client-side redirection. The user provides credentials and submits the form. If the application validates the credentials on the form, the system issues an authentication cookie to the user. Subsequent requests from the user are issued with the authentication cookie in the request headers, and then the user is authenticated based on those request headers.

3. Microsoft Passport authentication is a centralized authentication service that offers a single logon option and core profile services for member sites. Users who sign up to use Passport are authenticated for access to Web sites through a single Passport account. Microsoft Passport is an XML Web service, and it is an integral part of the .NET Framework.
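The forms-based flow in item 2 is switched on in the application's web.config. The fragment below is an added example, not configuration from the original post; the cookie name and the page paths (~/Login.aspx, ~/Default.aspx) are assumptions, and the attribute values are chosen so that the authentication cookie the flow depends on is encrypted, integrity-checked and sent only over HTTPS.

```xml
<!-- Added example: web.config for forms-based authentication.
     Cookie name and page paths are assumed for illustration. -->
<configuration>
  <system.web>
    <!-- mode selects the method described above:
         Windows | Forms | Passport | None -->
    <authentication mode="Forms">
      <!-- loginUrl: where non-authenticated requests are redirected.
           protection="All": cookie is both encrypted and validated
             (protection="None" would leave the ticket readable and forgeable).
           requireSSL="true": cookie is only sent over HTTPS.
           timeout / slidingExpiration: fixed 20-minute ticket lifetime.
           cookieless="UseCookies": never put the ticket in the URL.
           enableCrossAppRedirects="false": ticket is not passed to other apps. -->
      <forms name=".APPAUTH"
             loginUrl="~/Login.aspx"
             defaultUrl="~/Default.aspx"
             protection="All"
             requireSSL="true"
             timeout="20"
             slidingExpiration="false"
             cookieless="UseCookies"
             enableCrossAppRedirects="false" />
    </authentication>

    <!-- "?" means anonymous users: every page requires the cookie,
         so unauthenticated requests are sent to loginUrl. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
```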
