Authentication and Authorization in ASP.NET 2.0

Authentication is the process of determining the authenticity of a user based on the user’s credentials. Whenever a user logs on to an application, the user is first authenticated and then he is authorized. The application’s web.config file will contain all the configuration settings for an ASP.NET 2.0 application. It is the job of the authentication provider to verify the credentials of the user and decide whether the user should be considered authenticated or not. An authentication provider is used to verify and prove the identity of the users in a system. ASP.NET 2.0 establishes three ways to authenticate a user:

•    Forms authentication
•    Windows authentication
•    Passport authentication

Naturally, ASP.NET contains three respective authentication providers, which support the above authentication modes.

Forms Authentication

This authentication mode is generally based on cookies, where the user name and the password are stored either in a text file or in a database. After a user is authenticated, the user’s credentials are stored in a cookie for use during that session. When the user has logged in and requests a page that is insecure, he or she will be redirected to the login page of the application. Forms authentication supports both session and persistent cookies. Authentication modes can be specified in the application’s web.config file.

Generally the user’s credentials are stored in the database and the credentials entered are verified against those that are stored in the database. Typically, the user enters the username and the password, clicks the login button and the form validates the values against values from the database.

Windows Authentication

This is the default authentication mode in ASP.NET 2.0. Using this mode, a user is authenticated based on his/her Windows account. Windows Authentication can be used only in an intranet environment where the administrator has full control over all the users that are in the network.

Windows authentication can be of the following types:

•    Anonymous Authentication
•    Basic Authentication
•    Digest Authentication
•    Integrated Windows Authentication 

Passport Authentication

Passport authentication is a centralized authentication service which makes use of Microsoft's Passport Service to authenticate the users of an application. It allows the users to create a single sign-in name and password to have access to any site that has implemented the Passport single sign-in (SSI) service.

Authorization is the process of determining the accessibility to a resource for a user who has been previously authenticated. Note that authorization can work only with authenticated users, thus ensuring that no unauthenticated user can have access to the application. The default authentication mode is anonymous authentication. There can be three types of authorization in ASP.NET 2.0. They are:

•    URL Authorization
•    File Authorization
•    Authorization based on ACLs

Authorization, like authentication, is specified in the web.config file of the application.
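
The following web.config is an added example, not taken from the original article, showing how the Forms authentication mode and URL authorization rules described above are declared together. The page name Login.aspx, the Admin folder and the Administrators role are assumed names.

```xml
<?xml version="1.0"?>
<!-- Added example: Login.aspx, the Admin folder and the Administrators role are assumed names. -->
<configuration>
  <system.web>
    <!-- Authentication: select the provider (Forms, Windows, Passport or None). -->
    <authentication mode="Forms">
      <!-- protection="All" encrypts and validates the ticket cookie;
           requireSSL keeps it off plain HTTP; a short timeout limits replay. -->
      <forms name=".ASPXAUTH"
             loginUrl="~/Login.aspx"
             protection="All"
             requireSSL="true"
             timeout="20"
             slidingExpiration="true"
             cookieless="UseCookies" />
    </authentication>

    <!-- URL authorization for the whole application.
         "?" means anonymous users, "*" means all users.
         Denying "?" sends unauthenticated requests to loginUrl. -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- Mark cookies HttpOnly so client script cannot read them. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
  </system.web>

  <!-- Stricter rules for one folder. Rules are checked top to bottom and the
       first match wins, so the allow must come before the catch-all deny.
       Reversing the two lines would lock out every user, administrators included. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

The role rule only has an effect if the application populates roles for the authenticated user, for example through the ASP.NET role manager.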

Authentication in the web environment is critical and very sensitive, and should be treated as an aspect of the utmost importance. We at “Golden Web Design” take utmost care to make sure that security is maintained at all times. Whether it is eCommerce or a dynamic environment in web development, we always strive to put the latest and best security measures in place to avoid any phishing or compromises on the user’s machine.



Copyright © 2010 DotNet LLC. All rights reserved.