Authentication

Authentication is the process of identifying an individual, usually based on a username and password.
Authentication: proving genuineness.
Types of authentication

Forms authentication: This is cookie-based authentication where the username and password are stored on client machines as cookie files or are sent through the URL for every request.

Form-based authentication presents the user with an HTML-based Web page that prompts the user for credentials.


Windows authentication

With Windows authentication, passwords never cross the network.

Users must still have a username and password, but the application uses either the Kerberos or challenge/response protocols to authenticate the user.
Kerberos is a network authentication protocol.
It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
Kerberos is a solution to network security problems.
It provides the tools of authentication and strong cryptography over the network to help secure information in systems across the entire enterprise.
Selecting an authentication provider is as simple as making an entry in the web.config file for the application.
Use one of these entries to select the corresponding built-in authentication provider:

<authentication mode="Windows" />
<authentication mode="Passport" />
<authentication mode="Forms" />

Authorization

Authorization is the process of giving individuals access to system objects based on their identity.

Authorization: the process of granting approval or permission on resources.
Authorization is the process of allowing or denying particular resources to a user or role in ASP.NET.
Add an authorization element to the system.web section to implement custom requirements, such as allowing or denying resources to a particular user or role.

<configuration>
  <system.web>
    <authentication mode="Forms">
    </authentication>
    <authorization>
      <deny users="?"/> <!-- Denies anonymous users -->
    </authorization>
  </system.web>
</configuration>

<configuration>
  <system.web>
    <authentication mode="Forms"/>
    <authorization>
      <deny users="?"/> <!-- This will restrict anonymous user access -->
    </authorization>
  </system.web>
  <location path="Registration.aspx"> <!-- Path of your Registration.aspx page -->
    <system.web>
      <authorization>
        <allow users="*"/> <!-- This will allow everyone to access Registration.aspx -->
      </authorization>
    </system.web>
  </location>
</configuration>

<configuration>
  <system.web>
    <authorization>
      <allow users="SureshDasari"/> <!-- Allows only SureshDasari -->
      <deny users="*"/> <!-- Denies all others -->
    </authorization>
  </system.web>
</configuration>

<configuration>
  <location path="AdminFolder">
    <system.web>
      <authorization>
        <allow roles="Admin"/> <!-- Allows users in the Admin role -->
        <deny users="*"/> <!-- Denies everyone who is not in the Admin role -->
      </authorization>
    </system.web>
  </location>
  <location path="CustomerFolder">
    <system.web>
      <authorization>
        <allow roles="Admin, Customers"/> <!-- Allows users in the Admin and Customers roles -->
        <deny users="*"/> <!-- Denies everyone else -->
      </authorization>
    </system.web>
  </location>
</configuration>
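
The following Python sketch is an added example, not code from the original slides or from ASP.NET: it models the top-down, first-match evaluation of the allow/deny rules shown above so that a config can be checked against test identities. The function names, the sample config and the user names are constructed; name matching is exact, verbs are ignored, and the final fallback is an assumption standing in for the default allow-all rule inherited from the machine-level configuration.

```python
import xml.etree.ElementTree as ET

# Constructed sample combining the rules on this page (not a real site's config).
SAMPLE = """<configuration>
  <system.web>
    <authentication mode="Forms"/>
    <authorization><deny users="?"/></authorization>
  </system.web>
  <location path="Registration.aspx">
    <system.web><authorization><allow users="*"/></authorization></system.web>
  </location>
  <location path="AdminFolder">
    <system.web><authorization>
      <allow roles="Admin"/>
      <deny users="*"/>
    </authorization></system.web>
  </location>
</configuration>"""

def _rules(node):
    # allow/deny elements directly under node/system.web/authorization, in file order
    return [r for sw in node if sw.tag == "system.web"
            for az in sw if az.tag == "authorization"
            for r in az if r.tag in ("allow", "deny")]

def _split(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def _matches(rule, user, roles):
    users = _split(rule.get("users", ""))
    if "*" in users or (user is None and "?" in users):
        return True              # "*" = everyone, "?" = anonymous (user is None)
    if user is None:
        return False
    return user in users or bool(set(_split(rule.get("roles", ""))) & set(roles))

def is_allowed(config_xml, path, user=None, roles=()):
    """Hypothetical helper: first matching rule decides, location rules first."""
    root = ET.fromstring(config_xml)
    chain = []
    for loc in root.findall("location"):
        p = loc.get("path", "")
        if path == p or path.startswith(p + "/"):
            chain += _rules(loc)
    chain += _rules(root)        # site-wide rules come after path-specific ones
    for rule in chain:
        if _matches(rule, user, roles):
            return rule.tag == "allow"
    return True                  # assumption: inherited default <allow users="*"/>
```

Placing `<deny users="*"/>` before `<allow roles="Admin"/>` in the AdminFolder block makes the function return False for Admin users too, which is why the allow entries on this page come first.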
