- Gmail secure paypal and ebay users
- Matt Cutt gave new wordpress security tips
- Safe mode helps you diagnose problems
- Encrypting through USB drive
- This security update resolves two privately reported vulnerabilities in Outlook Web Access
- Domain Name System (DNS) is responsible for translating host names to IP
- WEP is an encryption scheme based on the RC-4 cipher
- McAfee, Inc. Endpoint Encryption Deployed by NHS for Widespread Data Protection
|
|||||||||||||||||
 |
|||||||||||||||||
|
ASP.NET authentication
Thursday, November 1, 2007, 23:49
This news item was posted in .NET Framework security category and has 1 Comment so far.
s stated above, ASP.NET and IIS securities go hand in hand. Therefore ASP.NET authentication also relies on the settings that we make in IIS. ASP.NET offers following types of authentications:
- Authentication: the process of validating the identity of a user to allow or deny a request [4,9,10]. This involves accepting credentials (e.g. username and password) from the users and validating it against a designated authority. After the identity is verified and validated, the user is considered to be legal and the resource request is fulfilled. Future request from the same user ideally are not subject to the authentication process until the user logs out of the web application.
- Authorization: the process of ensuring that users with valid identity are allowed to access specific resources.
- Impersonation: this process enables an application to ensure the identity of the user, and in turn make request to the other resources. Access to resources will be granted or denied based on the identity that is being impersonated. In other words, impersonation enables a server process to run using the security credentials of the client [6,9]. Thus, the ASP.NET applications are capable to execute the identity of client on whose behalf they are operating.
The authentication option for the ASP.NET application is specified by using the <authentication> tag in the Web.config file, as shown below:
<authentication mode="Windows | Forms | Passport | None"> other authentication options </authentication>
Authentication in ASP.NET is one of the best features of the web application's security, which it is divided into 3 different built-in providers: Forms-based, Passport and Windows Authentication. The Forms-based and passport authentication do not require the users to be as Windows users. Meanwhile, the windows authentication is designed for users that are part of Windows domain.
Related posts
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
ASP.NET authentication | ASP.NET Security said on Wednesday, November 7, 2007, 23:15
[...] Go here to see the original: ASP.NET authentication [...]