Tag Archive | Windows Authentication

Establish security settings in Web.config

In this post (which is the 100th one in the life of the blog), we’ll review three important security-related settings that you can define in your application’s web.config file, namely: authentication, authorization and impersonation. You’ll find a very thorough article about the topic here.

First, a little terminology: authentication is the process of identifying someone, and authorization is the process of checking their rights. A common example: when you check in for a flight, you show your ID, passport, etc. to identify yourself. Then you show your ticket for the given plane, to show that you are authorized to be there. It's that simple. And impersonation is the process of taking on someone else's identity, which is a bad, bad thing. So much for terminology.

There are a few authentication types in ASP.NET. Windows authentication uses the Kerberos protocol (or NTLM) to identify users. Let's consider using it with and without impersonation. You'd use Windows authentication with impersonation when:


Windows Authentication

Hello, as I promised, here is a brief note about Windows Authentication in ASP.NET. I omitted the more advanced tools, which won't be needed for this exam.

ASP.NET Authentication/Authorization

There are four types of authentication in ASP.NET:

– Windows authentication
– Forms authentication (used by the membership API)
– Passport authentication (mostly obsolete, consider Windows Live instead)
– Anonymous access

Windows authentication:

Use it when:

– You are dealing with a smaller set of known users.
– Those users have Windows user accounts.
– Potentially in intranet applications.

Windows authentication matches web users to the predefined Windows users (local or Active Directory). Windows authentication isn't a built-in feature of ASP.NET; IIS handles everything. To configure it, set the authentication mode to Windows in web.config.
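A minimal web.config for the setting described above, as an added example that is not from the original post. The deny rule for anonymous users and the explicit impersonation element are additions assumed here to show how the three settings (authentication, authorization, impersonation) sit together.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- Authentication: IIS performs the Kerberos/NTLM exchange and
         ASP.NET accepts the resulting Windows identity. -->
    <authentication mode="Windows" />

    <!-- Authorization: mode="Windows" on its own rejects nobody.
         "?" stands for anonymous users; denying them makes an
         unauthenticated request fail with 401, so the browser
         has to authenticate before any page is served. -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- Impersonation: "false" (the default) runs request code under
         the application pool identity. "true" runs it under the
         authenticated Windows user, so every file and database the
         code touches is then checked against that user's rights. -->
    <identity impersonate="false" />
  </system.web>
</configuration>
```

Windows Authentication also has to be enabled for the site in IIS, since IIS is the component that carries out the handshake.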
