Tag Archive | web.config

Manipulate configuration files to change ASP.NET behavior

As you no doubt already now it, the .NET Framework stores application configuration information in dedicated XML files, with the extension of .config. You can easily manage your application using these configuration files. When working with ASP.NET, the hierarchy is as follows:

  1. Machine.config
  2. Machine web.config
  3. Root (application) web.config
  4. Subfolder web.config

Read More…

Forms Authentication

 ASP.NET Authentication/Authorization

There are four types of authentication in ASP.NET:

  • Windows authentication
  • Forms authentication (used by the membership API)
  • Passport authentication (mostly obsolete, consider Windows Live instead)
  • Anonymous access

Forms Authentication:

Forms Authentication is a token-based auth method. After login, the user gets an encrypted cookie with the login information. This token can also be stored in the query string, but more of it later. The process is simple:

  1. The client makes a request.
  2. IIS (if configured properly for Forms Authentication) passes the request to ASP.NET.
  3. ASP.NET checks for an authentication cookie (or info). If found it, proceeds to step 7.
  4. Redirects the user to the login page (default Login.aspx in machine.config).
  5. User enters credentials, ASP.NET authenticated. If authentication fails, access will be denied.
  6. If authentication succeeds, a cookie will be attached.
  7. ASP.NET tests the authorization settings and the current user.
  8. If fails, access will be denied, else access granted.

Pros to use Forms Authentication:

  • Full control over the authentication code, via Membership API.
  • Full control over the appearance.
  • No browser-incompatibility issues.
  • Enables to decide where and how to store user information.
  • Read More…