Wednesday, 29 May 2013

ASP.NET Authentication and Authorization


Authentication: Authentication is the process of obtaining identification credentials, such as a username and password, from a user and validating those credentials against some authority. If the credentials are valid, the entity that submitted them is considered an authenticated identity. Once an identity has been authenticated, the authorization process determines whether that identity has access to a given resource.


Authorization: The purpose of authorization is to determine whether an identity should be granted the requested type of access to a given resource.

There are three types of authentication. They are:
1. Forms Authentication
2. Windows Authentication
3. Passport Authentication

Forms Authentication is cookie based: ASP.NET places a cookie on the client machine in order to track the user. If the user requests a secure page and has not logged in, ASP.NET redirects the user to the login page. Once the user is authenticated, the user is allowed to access the requested page.

Windows Authentication can be used only in an intranet environment where the administrator has full control over the users in the network. 

Passport Authentication: Passport authentication is a centralized authentication service that uses Microsoft's Passport Service to authenticate the users of an application. It allows the users to create a single sign-in name and password to access any site that has implemented the Passport single sign-in (SSI) service.


In this example, we show how authentication and authorization work. We use three roles: ADMIN, USER and SECURE USER. When an admin logs in, he has permission to access all the modules. When a user logs in, he can access all modules except the ADMIN module. And when a secure user logs in, he can access only the Secure module.

In this example we use one XML file (UserInformation.xml) for user information and roles. This XML file works as the database file. Every AuthenticateRequest event raised for a browser request is handled in the Global.asax file.
This is the best example of Authentication and Authorization.
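A sketch of the Global.asax role lookup described above, as an added example that is not the original post's code. The XML layout (`<Users><User name="..." roles="..." /></Users>`), the App_Data location, the `LookupRoles` helper and the `Admin` folder named in the comment are all assumptions.

```csharp
// Global.asax.cs (added example; XML schema, file location and folder names are assumed)
using System;
using System.Linq;
using System.Security.Principal;
using System.Web;
using System.Web.Security;
using System.Xml.Linq;

public class Global : HttpApplication
{
    // Runs on every request, after the forms authentication module has
    // validated the cookie and set Context.User to a FormsIdentity.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        FormsIdentity identity =
            Context.User != null ? Context.User.Identity as FormsIdentity : null;
        if (identity == null || !identity.IsAuthenticated)
            return; // anonymous request: URL authorization will redirect to the login page

        // Roles are read server-side on each request, never taken from the client.
        string[] roles = LookupRoles(identity.Name);
        Context.User = new GenericPrincipal(identity, roles);
    }

    // Hypothetical helper. Assumed layout of UserInformation.xml:
    //   <Users><User name="alice" roles="ADMIN" /><User name="bob" roles="USER" /></Users>
    private string[] LookupRoles(string userName)
    {
        // App_Data is not served to browsers, so the user file cannot be downloaded.
        string path = Server.MapPath("~/App_Data/UserInformation.xml");
        XElement user = XDocument.Load(path).Root.Elements("User")
            .FirstOrDefault(u => string.Equals((string)u.Attribute("name"),
                                               userName, StringComparison.OrdinalIgnoreCase));
        if (user == null)
            return new string[0]; // unknown user: authenticated but holds no role

        return ((string)user.Attribute("roles") ?? "")
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(r => r.Trim())
            .ToArray();
    }
}
// The per-module rules then live in web.config, for example for an assumed Admin folder:
//   <location path="Admin"><system.web><authorization>
//     <allow roles="ADMIN" /><deny users="*" />
//   </authorization></system.web></location>
```

Because the principal is rebuilt from the XML file on each request, removing a role from a user takes effect on that user's next request, before the cookie expires.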
