Authentication and Authorization in ASP.NET

In this blog I will explain the concepts of authentication and authorization in ASP.NET.
by Awadhendra Tiwari on 5/19/2011

Authentication:

Authentication is the process of identifying users on the basis of their identity. Users provide their credentials to prove their identity. They can do this in several ways, typically through some kind of login form. There are mainly three types of authentication process in the Windows operating system.

1) Windows Authentication

2) Forms Authentication

3) Passport Authentication

Windows Authentication:

Windows authentication is called NTLM and is also known as Windows NT Challenge/Response authentication. Integrated Windows authentication uses the security features provided by Windows clients and servers. Windows authentication is the process of a user proving that they have the right to access the system. Windows authentication can be done using Kerberos, SPNEGO, and NTLM. SPNEGO stands for “Security Negotiation”. Kerberos authentication is named for the three-headed dog that guarded the entrance to the Greek underworld. SPNEGO can also stand for Simple and Protected Generic Security Services Application Program Interface Negotiation Mechanism. NTLM stands for NT LAN Manager. Windows authentication is basically used only by Windows operating systems. It is not supported by other operating systems such as Linux or Solaris.

There are three types of Windows authentication.

1) Basic Authentication: If this is used as the authentication type, the user credentials are passed across the network in clear text.

2) Digest Authentication: It is a special authentication type used to authenticate the domain server users.

3) NTLM authentication: It is the default authentication type used by Windows authentication, where NTLM stands for Integrated Windows Authentication.

Forms Authentication:

We can use forms authentication to accept user credentials. Normally, to use forms authentication we build a form, such as a login form, where users provide their credentials, and on the basis of those credentials they get access rights. Forms authentication is supported by all operating systems and browsers. Developers have a responsibility to provide better security and encryption mechanisms.

Passport authentication:

.NET Passport allows users to create a single sign-in name and password to access any site that has implemented the Passport single sign-in (SSI) service. By implementing the Passport SSI, you won't have to implement your own user-authentication mechanism. Users authenticate with the SSI, which passes their identities to your site securely. Although Passport authenticates users, it doesn't grant or deny access to individual sites; that is, .NET Passport performs only authentication, not authorization. Passport simply tells a participating site who the user is. Each site must implement its own access-control mechanisms based on the user's Passport User ID (PUID).

Passport is a forms-based authentication service. A sample conversation using Passport authentication might look similar to the following:

1) A client issues an HTTP GET request for a protected resource, such as http://www.contoso.com/default.aspx.

2) The request does not contain a valid Passport ticket (form), so the server returns 302 and redirects the client to the Passport Logon Service, passing encrypted parameters about the original request on the query string.

3) The client follows the redirect and issues an HTTP GET request to the logon server with the supplied query string.

4) The Passport logon server presents the client with a logon form.

5) The client fills out the form and does a POST back to the logon server, using Secure Sockets Layer (SSL).

6) The logon server authenticates the user and redirects back to the original URI (http://www.contoso.com/default.aspx) with the authentication ticket encrypted in the query string.

7) The client follows the redirect and requests the original protected resource again with the ticket encrypted on the query string.

8) Back on the originating server, the PassportAuthenticationModule detects the absence of the form and the presence of the ticket on the query string and issues the authentication form. The request is then authenticated.

Subsequent requests for protected resources at the site are authenticated at the originating server using the supplied ticket. Passport also makes provisions for ticket expiration and reusing tickets on other member sites.

Authorization

Authorization is the process of granting or denying permissions on the basis of authentication. We use certain keywords and symbols to specify what each user is authorized to do.

We can also define Authorization as a function of the policy definition phase which precedes the policy enforcement phase where access requests are approved or disapproved based on the previously defined authorizations.
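
In ASP.NET, both forms authentication and authorization are configured in web.config, where `allow` and `deny` are the keywords and `?` (anonymous users) and `*` (all users) are the symbols. The fragment below is an added example, not configuration from the original post; Login.aspx, the cookie name, the Admin folder and the Administrators role are assumed names.

```xml
<?xml version="1.0"?>
<!-- Added example. Login.aspx, .EXAMPLEAUTH, Admin and Administrators are assumed names. -->
<configuration>
  <system.web>
    <!-- mode selects the authentication type: Windows | Forms | Passport | None -->
    <authentication mode="Forms">
      <!--
        Weak form, shown for contrast only (not active):
        <forms loginUrl="Login.aspx" protection="None" requireSSL="false"
               cookieless="UseUri" timeout="43200" />
        protection="None" leaves the ticket unencrypted and unvalidated,
        requireSSL="false" lets the cookie travel over plain HTTP,
        cookieless="UseUri" puts the ticket in the URL, where it ends up
        in logs and Referer headers, and timeout is in minutes (30 days here).
      -->
      <forms name=".EXAMPLEAUTH"
             loginUrl="~/Login.aspx"
             protection="All"
             requireSSL="true"
             cookieless="UseCookies"
             slidingExpiration="false"
             timeout="20" />
    </authentication>

    <!-- Rules are read top to bottom and the first matching rule wins. -->
    <!-- "?" = anonymous (unauthenticated) users, "*" = all users. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Tighter rule for one folder: only the Administrators role is allowed. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Order matters in the Admin rule: placing `<deny users="*" />` before the `allow` element would lock out administrators as well, because evaluation stops at the first match.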


Forms Authentication using ASP.NET Configuration tool
by Priya B on 8/13/2012
I know much about Windows and forms authentication, and now through this post I came to know what passport authentication is all about. Thanks for sharing. Great post!

If at all anyone wants to implement Forms authentication and authorization for users with a minimal amount of code written from your side (the ASP.NET configuration tool does all the coding for you in the background), then check this out.