ASP.NET authentication

s stated above, ASP.NET and IIS securities go hand in hand. Therefore ASP.NET authentication also relies on the settings that we make in IIS. ASP.NET offers following types of authentications:

Authentication: the process of validating the identity of a user to allow or deny a request ^[4,9,10]. This involves accepting credentials (e.g. username and password) from the users and validating it against a designated authority. After the identity is verified and validated, the user is considered to be legal and the resource request is fulfilled. Future request from the same user ideally are not subject to the authentication process until the user logs out of the web application.
Authorization: the process of ensuring that users with valid identity are allowed to access specific resources.
Impersonation: this process enables an application to ensure the identity of the user, and in turn make request to the other resources. Access to resources will be granted or denied based on the identity that is being impersonated. In other words, impersonation enables a server process to run using the security credentials of the client ^[6,9]. Thus, the ASP.NET applications are capable to execute the identity of client on whose behalf they are operating.

The authentication option for the ASP.NET application is specified by using the <authentication> tag in the Web.config file, as shown below:


<authentication mode=”Windows | Forms | Passport | None”>
	other authentication options
</authentication>

Authentication in ASP.NET is one of the best features of the web
application's security, which it is divided into 3 different built-in
providers: Forms-based, Passport and Windows Authentication. The
Forms-based and passport authentication do not require the users to be
as Windows users. Meanwhile, the windows authentication is designed for
users that are part of Windows domain.

Bookmark to: