
Saturday, March 15, 2014

Authentication and Authorization in Asp.Net

In this article we will discuss Authentication and Authorization in Asp.Net.

Authentication is the process of determining users' identities and forcing those users to prove they are who they claim to be. Normally users enter credentials on a login page, and those credentials are then checked against the Windows user accounts on a computer, a list of users in a file, or a back-end database.

To secure an ASP.NET web site, you can use two types of authentication.

1- Forms Authentication:

Forms authentication works in conjunction with a database where you store user information such as user names and passwords. You can also store the user information anywhere else.

To implement Forms Authentication, follow these three steps:

- Set the authentication mode to forms authentication in the web.config file.

- Restrict anonymous users from a specific page or directory in your application.

- Create the login page.

2- Windows authentication:

With Windows authentication, the web server forces every user to log in as a Windows user. Here all users should have Windows user accounts on the server.

To implement Windows authentication, follow the steps below:

- Set the authentication mode to Windows authentication in the web.config file.

- Disable anonymous access for a directory by using an authorization rule.

- Configure the Windows user accounts on your web server.

Authorization is the process of determining whether that user has sufficient permission to perform a given action, such as viewing a page or retrieving information from a database. Authorization assumes the user has already been authenticated.
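The first two Forms authentication steps and the authorization rules described above can be expressed in one web.config. This is an added example, not configuration from the original article; the folder names (`Members`, `Admin`), the login page path, the cookie name, the timeout and the role name are assumed values.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: folder names, login page, cookie name and role are assumptions -->
<configuration>
  <system.web>
    <!-- Step 1: set the authentication mode to Forms -->
    <authentication mode="Forms">
      <!-- protection="All" encrypts and validates the ticket;
           requireSSL keeps the cookie off plain HTTP;
           cookieless="UseCookies" keeps the ticket out of the URL -->
      <forms name=".EXAMPLEAUTH"
             loginUrl="~/Login.aspx"
             protection="All"
             requireSSL="true"
             cookieless="UseCookies"
             timeout="20"
             slidingExpiration="true" />
    </authentication>
    <!-- Site root stays open to everyone, including anonymous users -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- Step 2: restrict a directory. "?" means anonymous users, "*" means all users.
       Rules are read top to bottom and the first match wins. -->
  <location path="Members">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

  <!-- Authorization by role: only the assumed role "Administrators" gets in.
       With Forms authentication the roles must come from a role provider. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Windows authentication variant: replace the authentication element above
       with <authentication mode="Windows" /> and keep the same deny rules. -->
</configuration>
```

The order of the `allow` and `deny` elements matters: placing `<deny users="*" />` before the `allow` in the `Admin` block would lock out every user, because evaluation stops at the first matching rule.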