Windows authentication in asp.net

Windows Authentication is used to validate a user based on the user’s Windows Account; however, this is only applicable in intranet environments where the administrator has full control over the users in the network. The following code snippet illustrates how we can implement Windows Authentication in ASP.NET.

<authentication mode=”Windows”/>
<authorization>
<allow users =”*” />
</authorization>

Note that the symbol “*” indicates all users inclusive of Authenticated and Anonymous users. Windows authentication can be of the following types

• Anonymous Authentication
• Basic Authentication
• Digest Authentication
• Integrated Windows Authentication

In the Anonymous Authentication mode IIS allows any user to access an ASP.NET application without any authentication checking.
In Basic Authentication mode users will be required to provide the Windows user name and password; however, this is very insecure.

The Digest Authentication mode is identical to Basic Authentication with the exception that the password is hashed before it is sent across the network.
In Integrated Windows Authentication mode, the passwords are not sent across the network; rather, the application uses some network authentication protocols for it to operate.

Tags: asp.net, windows authentication, asp, authentication

Related posts

• Impersonation in asp.net (0)
• Passport authentication in asp.net (0)
• Visual Studio 2005 Service Pack 1 Gotchas (0)
• Update for Programming Atlas (0)
• Microsoft Visual Studio “Orcas” Beta 1 (0)