How asp.net security works
The ASP.NET security framework accomplishes this by working in conjunction with the various security subsystems present in the machine where ASP.NET is installed. This includes security provided by the operating system ( NTFS file access permissions ) as well as security provided by IIS ( host or IP address authorization ).
And since ASP.NET is built on the Microsoft .NET Framework, the ASP.NET application developer also has access to all of the built-in security features of the .NET Framework, such as code access security and role-based user-access security.
It is imperative to understand how the various security subsystems interact, to be able to secure your ASP.NET application effectively.
Basically, to enable security for an ASP.NET application, you need to configure the application to implement, at the very least, the two fundamental functionalities
| Authentication | The process of obtaining identification credentials from a user ( such as name and password ), and validating those credentials against some authority. |
| Authorization | The process of controlling access to resources based on the authenticated identification credentials ( such as role ). |
Tags: asp.net, asp, authentication, authorisation