Archive | Configuring and Deploying Web Applications

Forms Authentication

 ASP.NET Authentication/Authorization

There are four types of authentication in ASP.NET:

  • Windows authentication
  • Forms authentication (used by the membership API)
  • Passport authentication (mostly obsolete, consider Windows Live instead)
  • Anonymous access

Forms Authentication:

Forms Authentication is a token-based authentication method. After login, the user gets an encrypted cookie containing the login information. This token can also be stored in the query string, but more on that later. The process is simple:

  1. The client makes a request.
  2. IIS (if configured properly for Forms Authentication) passes the request to ASP.NET.
  3. ASP.NET checks for an authentication cookie (or info). If it finds one, it proceeds to step 7.
  4. Otherwise, ASP.NET redirects the user to the login page (default Login.aspx in machine.config).
  5. The user enters credentials and ASP.NET authenticates them. If authentication fails, access is denied.
  6. If authentication succeeds, a cookie is attached.
  7. ASP.NET tests the authorization settings against the current user.
  8. If the check fails, access is denied; otherwise access is granted.
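The flow above maps onto a handful of web.config settings. The fragment below is an added example, not configuration from the original post; the cookie name, the timeout value, the Admin folder and the Admins role are assumptions chosen for illustration.

```xml
<configuration>
  <system.web>
    <!-- Steps 3-6: ASP.NET looks for the authentication ticket and, when none
         is present, redirects the request to loginUrl. -->
    <authentication mode="Forms">
      <!-- protection="All"     : ticket is both encrypted and validated (MAC).
           cookieless="UseCookies": never place the ticket in the URL. With
                                  "UseUri" the ticket travels in the request path,
                                  so it ends up in logs, browser history and
                                  Referer headers.
           requireSSL="true"    : cookie is marked Secure and only sent over HTTPS.
           timeout / slidingExpiration: fixed 20-minute lifetime (assumed value)
                                  bounds how long a stolen ticket stays usable. -->
      <forms name=".EXAMPLEAUTH"
             loginUrl="Login.aspx"
             protection="All"
             cookieless="UseCookies"
             requireSSL="true"
             timeout="20"
             slidingExpiration="false" />
    </authentication>

    <!-- Steps 7-8: authorization rules are evaluated top-down, first match wins.
         "?" means anonymous users, so every unauthenticated request is denied
         and sent through the login redirect. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Per-path rule (hypothetical Admin folder and Admins role): authenticated
       users outside the role are still denied in step 8. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Admins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```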

Advantages of Forms Authentication:

  • Full control over the authentication code, via Membership API.
  • Full control over the appearance.
  • No browser-incompatibility issues.
  • Lets you decide where and how to store user information.

    Windows Authentication

    Hello, as I promised, here is a brief note about Windows Authentication in ASP.NET. I omitted the overly advanced tools, which won’t be needed for this exam.

    ASP.NET Authentication/Authorization

    There are four types of authentication in ASP.NET:

      • Windows authentication
      • Forms authentication (used by the membership API)
      • Passport authentication (mostly obsolete, consider Windows Live instead)
      • Anonymous access

    Windows authentication:

    Use it when:

      • Dealing with a smaller set of known users.
      • Who have Windows user accounts.
      • Potentially in intranet applications.

    Windows authentication matches web users to predefined Windows users (local or Active Directory). Windows authentication isn’t a built-in feature of ASP.NET; IIS handles everything. To configure it, set the authentication mode to Windows in web.config.