Powered by Blogger.

Saturday, March 15, 2014

Tutorial on Asp.Net Security

In this post we will discuss about Asp.Net security. Also you can check out:

- Advantages of WCF in Asp.Net

- Get all time zones in C#.Net

- How to disable right click by using jQuery in asp.net?

When client makes a request to the web server, web server will attach a user account to the client request under which processing of the web page will be taken. By submitting this user account web apge will access other resources on the network.

The default user account will be IUSR_SYSTEMNAME. But the user account can be changed according to the requirement. This process id called as impersonation.

The impersonation process can be implemented through web.config using Identity tag like below:

<Identity impersonate="true" username="user1" password="password" />

Authentication is the process of getting credentials of the client. The credentials can be user name, password security token so on.

Autherization is the process of verifying credentials to provide access to requested resources (web pages).

Asp.Net supports 3 types of Authentication:

- Windows based authentication

- Form based Authentication

- Passport Based Authentication