Authentication is the mechanism a system uses to identify its users. In ASP.NET, authentication can be configured in the web.config file to verify the user's credentials and decide whether the user is authenticated.
Authorization is the mechanism a system uses to determine what level of access a particular user has.
So, when a user logs on to a system, the user is authenticated first and then authorized.
Ways to authenticate users in ASP.NET:
- Forms Authentication
This authentication depends on code written in the system. Credentials are entered on web forms and then matched against the user information in a database table.
- Windows Authentication
This authentication is the default authentication provider for ASP.NET applications. When the user logs in to an application using this authentication, the credentials are matched against the Windows domain through IIS.
There are 4 types of Windows Authentication methods:
  - Anonymous Authentication – IIS allows any user.
  - Basic Authentication – the Windows username and password (credentials) have to be sent across the network in plain text format (not very secure).
  - Digest Authentication – same as Basic Authentication, but the credentials are encrypted.
  - Integrated Windows Authentication – depends on Kerberos technology, with strong credential encryption.
- Passport Authentication
This authentication is already obsolete in .NET 2.0.
- "None" means no authentication.
Types of Authorization in .NET:
- File Authorization
Relies on the NTFS file system for granting permissions.
- URL Authorization
Specify authorization rules in web.config for different web URLs.
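
A web.config that combines the Forms Authentication setting and the URL Authorization rules described above. This is an added example, not part of the original post; the login page path, the `Admin` folder and the `Admins` role are assumed names, and the role check assumes the application assigns roles to its users.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- Forms Authentication: credentials are collected by the application's own login page -->
    <authentication mode="Forms">
      <!-- timeout is in minutes; requireSSL keeps the authentication cookie off plain HTTP -->
      <forms loginUrl="~/Login.aspx" timeout="30" requireSSL="true" />
    </authentication>

    <!-- URL Authorization for the whole site: "?" means anonymous (unauthenticated) users -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Stricter rules for one URL path. Rules are evaluated top to bottom and
       the first match wins, so the allow must come before the deny.
       "*" means all users. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Admins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

For Windows Authentication, `mode` is set to `Windows` and the `forms` element is omitted; the same `authorization` rules still apply.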