In this article I will explain what authentication and authorization are, what the basic security settings are, and which types of authentication and authorization mechanisms ASP.NET offers.
Authentication:
Authentication establishes who the user is.
Authorization:
Authorization is deciding whether a user is allowed to perform an action.
Configure the security settings in the Web.config file:
This section demonstrates how to add and modify the <authentication> and <authorization> configuration sections to configure the ASP.NET application to use forms-based authentication.
1. In Solution Explorer, open the Web.config file.
2. Change the authentication mode to Forms.
3. Insert the <forms> tag and fill in the appropriate attributes (the element name is case-sensitive). For more information about these attributes, refer to the MSDN documentation or the QuickStart documentation that is listed in the REFERENCES section. Copy the following code, and then click Paste as HTML on the Edit menu to paste the code in the <authentication> section of the file:
<authentication mode="Forms">
    <forms name=".ASPXFORMSDEMO"
           loginUrl="logon.aspx"
           protection="All"
           path="/"
           timeout="30" />
</authentication>
4. Deny access to the anonymous user in the <authorization> section as follows:
<authorization>
    <deny users="?" />
    <allow users="*" />
</authorization>
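The two fragments above combined into one complete Web.config, as an added example that is not taken from the article. It adds the hardening attributes a practitioner would normally set alongside them; the cookie name, logon.aspx and the Public folder are placeholders.

```xml
<?xml version="1.0"?>
<!-- Added example (not from the article): forms authentication plus
     site-wide denial of anonymous users, with one public folder.
     Names such as logon.aspx, .ASPXFORMSDEMO and Public/ are placeholders. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- protection="All": the ticket is encrypted and signed.
           requireSSL="true": the ticket cookie is only sent over HTTPS.
           cookieless="UseCookies": never carry the ticket in the URL,
           where it would end up in logs, history and Referer headers. -->
      <forms name=".ASPXFORMSDEMO"
             loginUrl="logon.aspx"
             protection="All"
             timeout="30"
             requireSSL="true"
             cookieless="UseCookies"
             slidingExpiration="false"
             path="/" />
    </authentication>

    <!-- Rules are evaluated top to bottom and the first match wins, so
         the deny for anonymous users ("?") must come before the catch-all
         allow ("*"); reversing the two lines would admit everyone. -->
    <authorization>
      <deny users="?" />
      <allow users="*" />
    </authorization>

    <!-- Mark cookies HttpOnly so page script cannot read the ticket. -->
    <httpCookies httpOnlyCookies="true" />
  </system.web>

  <!-- Per-folder override: Public/ stays reachable by anonymous users
       (for example a help page linked from logon.aspx). The loginUrl
       page itself is always reachable without this override. -->
  <location path="Public">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```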
Types of authentication and authorization
There are three ways of doing authentication and authorization in ASP.NET:
• Windows authentication: In this method, ASP.NET web pages use the local Windows users and groups to authenticate users and authorize access to resources.
• Forms authentication: This is a cookie-based authentication in which the username and password are stored on the client machine as cookie files or are sent through the URL with every request. Forms-based authentication presents the user with an HTML-based web page that prompts the user for credentials.
• Passport authentication: Passport authentication is based on the Passport website provided by Microsoft. When a user logs in with credentials, the request is forwarded to the Passport website (i.e. Hotmail, DevHood, Windows Live, etc.), where the authentication happens. If authentication is successful, it returns a token to your website.