By -

ASP.NET authentication modes

Hi all,
Back to basic stuffs, I desire to speak a little about Microsoft ASP.NEt authentication method, taking it from a conceptual level and bring it to the code. It's true that many web sites talk about this subject what what's more interesting that associating concepts coming from theory to real world samples, and that's what we ' are going to do here.

In this article we will see the tree forms of authentication we can use in ASP.NET applications, and we'll make a particular illustration of the Form authentication method. Of course the tree methos are:

  • Windows authentication

  • Forms authentication

  • Passport authentication

Windows authentication

With Windows authentication, ASP.NEt does'nt rely on the application itself but on the operating system to authenticate the user. When the user requests a secure web page from the application, the request goes to Internet Information Services (IIS) . Then IIS compares the user's logon with thoses on the web server or on the domain. If the user's credentials do not match those autorised, IIS rejects the request. The client computer generate a logon dialog box and the user enters the credentials. Again IIS compares the credentials to those authorised and if they're are correct it redirects the request to the correct web page which will be send to the user.

Form authentication

in Form authentication method IIS does not perform the authentication. The IIS security settings for Web applications are set to Allow anonymous acces. When a user request a web page IIS authenticate the user as anonymous user and pass the request to ASP.NET. ASP.NET then, checks for the presence of a specific cookie on the client. If the cookie is not found or is invalid ASP.NET rejects the client and returns a login page. This login page is specified in Web.Config file under the authentication tag. The user supply logon informations on the authentication form and submit the form again. Again IIS authenticate the user as anonymous and pass the request to ASP.NET. This time ASP.NET authenticates the user based on the submitted credentials and it generates a cookie. The requested secured page and the cookie are returned to the client. As long as the cookie remains valid the user can use and view other secured web page with the same credentials.

Comments

Lucky Balaraman said…
Skaffe.com Launches Free Blog Hosting
September 21, 2005 -- -- Investment and management groups of search directory Skaffe.com announced on Wednesday it is now offering blog, or Weblog, hosting services - one of several enhancements it has made in ...

Neat! I really like what you're doing here...

When you have a spare moment you should come over to my architectural drafting site to see what's on in the architectural drafting world.

Keep up the great blogging!
2:41 PM
Post a Comment

Popular posts from this blog

By -
We are taking off for a new adventure in development: It's about developing a framework which will enable us to persist our business objects into databases, file systems or xml file system. STEP 1: CREATING A BUSINESSOBJECT ATTRIBUTE namespace ORMCore { /// /// This attribute is used to enable the ORMFramework /// to create an associate table on the RDBMS /// [ AttributeUsage(AttributeTargets.Class, AllowMultiple = false)] public class BusinessObjectAttribute:Attribute { private string _databaseName; public string DatabaseName { get { return _databaseName; } } private string _databaseConnexionString; public string DatabaseConnexionString { get { return _databaseConnexionString; } } public BusinessObjectAttribute(string databaseName) { this._databaseName = databaseName; } public B
Read more
By -
Image
Sql Server adapters for Biztalk Server One of the greatest difficulties I found when I started working with BizTalk 2004 was the lack of documentation about the SQL Adapter. In this article, I'm going to demonstrate how we can use this adapter in an Orchestration of BizTalk. The Example To build this example, we're going to use the Northwind database. We're going to simulate a hypothetical situation where we receive an XML message as a file, containing the order number, a customer ID, and the date of the order. In the orchestration, we will use SQL Server to search the additional information about the customer, using the SQL Adapter. Creating the Project We'll start this article by creating a new BizTalk Server project in Visual Studio. In the Visual Studio .NET menu, select the "New Project" option, and for the type of project, select "BizTalk Projects". Select the template "Empty BizTalk Project" and create a project named OrderManager.
Read more
By -
Writing effective adapters for Biztalk Server Introduction Many people, both within Microsoft and in third-party companies, have written successful adapters for Microsoft® BizTalk® Server. This task can be difficult, and this paper is intended to present some of the "tricks of the trade" that these developers have learned, in the hope that these will help others avoid common problems. This document is structured as a set of issues that programmers face when writing adapters, and provides guidelines for resolving these issues. These guidelines can be read in any order, although you may find that reading the whole document first will make the individual guidelines easier to understand. Effective Writing for Adapters Much of the complexity in writing adapters for BizTalk Server is centered on the problems of batched operations and that is what we will look at first. Operations, Messages, Batching, and Transactions Adapters commonly support sending messages to and receiving messa
Read more