Scribd
Upload
35 views11 pages

Authentication

The document discusses authentication and authorization in ASP.NET. Authentication is the process of identifying users, usually with a username and password. There are different types of authentication like forms authentication and Windows authentication. Authorization is the process of granting access to resources based on a user's identity. Authorization in ASP.NET can be configured to allow or deny access to particular users, roles or anonymous users for specific system objects or folders.

Uploaded by

gsakash14
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
35 views11 pages

Authentication

The document discusses authentication and authorization in ASP.NET. Authentication is the process of identifying users, usually with a username and password. There are different types of authentication like forms authentication and Windows authentication. Authorization is the process of granting access to resources based on a user's identity. Authorization in ASP.NET can be configured to allow or deny access to particular users, roles or anonymous users for specific system objects or folders.

Uploaded by

gsakash14
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 11

Authentication

Authentication
The process of identifying an individual, usually
based on a username and password.
Authentication: - prove genuineness
Types of authentication

Forms Authentication: - This is a cookie based authentication where

username and password are stored on client machines as cookie files or they

are sent through URL for every request.

Form-based authentication presents the user with an HTML-based Web

page that prompts the user for credentials.


Windows authentication

Windows authentication, passwords never cross the network.


Users must still have a username and password, but the application uses either the
Kerberos or challenge/response protocols authenticate the user.
Kerberos is a network authentication protocol.
It is designed to provide strong authentication for client/server applications by
using secret-key cryptography.
Kerberos is a solution to network security problems.
It provides the tools of authentication and strong cryptography over the network to
help to secure information in systems across entire enterprise
Selecting an authentication provider is as simple as making
an entry in the web.config file for the application.
use one of these entries to select the corresponding built in
authentication provider:

<authentication mode="windows">
<authentication mode="passport">
<authentication mode="forms">
Authorization

Authorization , which is the process of giving


individuals access to system objects based on
their identity.

Authorization: - process of granting approval or


permission on resources.
Authorization is process of allowing or denying
particular resources to user or role in asp.net.
To add authorization in system.web section to
implement our custom requirements like allow or deny
resources to particular user / role.
<configuration>
<system.web>
<authentication mode="Forms">
</authentication>
<authorization>
<deny users="?"/><!--will deny anonymous users-->
</authorization>
</system.web>
</configuration>
<configuration>

<system.web>

<authentication mode="Forms"/>

<authorization>

<deny users="?"/> <!--This will restrict anonymous user access-->

</authorization>

</system.web>

<location path="Registration.aspx"> <!-- Path of your Registration.aspx page -->

<system.web>

<authorization>

<allow users="*"/> <!-- This will allow users to access to everyone to


Registeration.aspx-->

</authorization>

</system.web>

</location>

</configuration>
<configuration>
<system.web>
<authorization>
<allow users="SureshDasari"/> <!-- It will allow
only SureshDasari -->
<deny users="*"/> <!--Deny others -->
</authorization>
</system.web>
</configuration>
<configuration>
<location path="AdminFolder">

<system.web>

<authorization>

<allow roles="Admin"/> <!—Allows Admin role Users-->

<deny users="*"/> <!--Deny everyone else Admin role Users-->

</authorization>

</system.web>

</location>

<location path="CustomerFolder">

<system.web>

<authorization>

<allow roles="Admin, Customers"/> <!--Allow users in Admin and Customers roles-->

<deny users="*"/> <!--Deny rest of all-->

</authorization>

</system.web>

</location>

</configuration>

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy