In this article I will explain what authentication and authorization are, the basic security settings, and the types of authentication and authorization mechanisms.
Authentication:
Authentication is knowing the identity of the user.
Authorization:
Authorization is deciding whether a user is allowed to perform an action.
Configure the security settings in Web.config file:
This section demonstrates how to add and modify the <authentication> and <authorization> configuration
sections to configure the ASP.NET application to use forms-based
authentication.
1. In Solution Explorer, open the Web.config file.
2. Change the authentication mode to Forms.
3. Insert the <forms> tag, and fill in the appropriate attributes. (For more information about these attributes, refer to the MSDN documentation or the QuickStart documentation that is listed in the REFERENCES section.) Copy the following code, and then click Paste as HTML on the Edit menu to paste the code in the <authentication> section of the file:

<authentication mode="Forms">
    <!-- protection="All": the cookie is both encrypted and validated; timeout is in minutes -->
    <forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx"
           protection="All" path="/" timeout="30" />
</authentication>

4. Deny access to the anonymous user in the <authorization> section as follows:

<authorization>
    <!-- "?" matches anonymous (unauthenticated) users -->
    <deny users="?" />
    <!-- "*" matches all users -->
    <allow users="*" />
</authorization>
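How the two rules in step 4 are evaluated, as an added example that is not part of the original article: ASP.NET URL authorization checks the rules from top to bottom and applies the first one that matches, so their order matters. The Python sketch below models only the users attribute (roles and verbs are ignored, and names are compared case-insensitively as a simplification); the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the <authorization> section from step 4, and the same
# two rules in the opposite order.
PAGE_RULES = '<authorization><deny users="?" /><allow users="*" /></authorization>'
REVERSED_RULES = '<authorization><allow users="*" /><deny users="?" /></authorization>'


def parse_rules(xml_text):
    """Return [(action, [user patterns])] in document order."""
    rules = []
    for el in ET.fromstring(xml_text):
        if el.tag not in ("allow", "deny"):
            continue
        users = [u.strip() for u in el.get("users", "").split(",") if u.strip()]
        rules.append((el.tag, users))
    return rules


def rule_matches(patterns, user):
    """user is None for an anonymous request, otherwise the authenticated name."""
    for p in patterns:
        if p == "*":
            return True                      # everyone, anonymous included
        if p == "?" and user is None:
            return True                      # anonymous requests only
        if user is not None and p.lower() == user.lower():
            return True                      # named user (simplified comparison)
    return False


def is_allowed(xml_text, user):
    """First matching rule wins; otherwise fall through to allow-all."""
    for action, patterns in parse_rules(xml_text):
        if rule_matches(patterns, user):
            return action == "allow"
    return True  # models the inherited machine-level <allow users="*" />


def audit(xml_text):
    """Report whether an anonymous request gets through this section."""
    return "anonymous access allowed" if is_allowed(xml_text, None) else "anonymous access denied"


if __name__ == "__main__":
    for label, xml_text in (("page order", PAGE_RULES), ("reversed", REVERSED_RULES)):
        print(label, "->", audit(xml_text), "| alice allowed:", is_allowed(xml_text, "alice"))
```

With the rules reversed, the allow-all rule matches first and the deny rule for anonymous users is never reached.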
Types of authentication and authorization
There are three ways of doing authentication and authorization in ASP.NET:
• Windows authentication: In this method, ASP.NET web pages use local Windows users and groups to authenticate and authorize access to resources.
• Forms authentication: This is cookie-based authentication where the username and password are stored on client machines as cookie files or are sent through the URL for every request. Forms-based authentication presents the user with an HTML-based Web page that prompts the user for credentials.
• Passport authentication: Passport authentication is based on the Passport website provided by Microsoft. When a user logs in with credentials, the request is sent to the Passport website (i.e. Hotmail, Devhood, Windows Live, etc.), where authentication happens. If authentication is successful, it returns a token to your website.
A very good blog. You explained so well the topic of authentication and authorization. The briefing and types explain all the things. A minor difference changes the whole prospectus of the things. You explained the important information in short but in an effective manner. Thanks.