Authentication in ASP.NET
Hi everyone in this blog I’m explaining about authentication
Authentication is the process of obtaining identification
credentials such as name and password from a user and validating those
credentials against some authority. If the credentials are valid, the entity
that submitted the credentials is considered an authenticated identity. Once an
identity has been authenticated, the authorization process determines whether
that identity has access to a given resource.
ASP.NET implements authentication through authentication
providers, the code modules that contain the code necessary to authenticate the
requestor's credentials. The topics in this section describe the authentication
providers built into ASP.NET.
There are three types of authentication available in
Windows Authentication: This authentication method
uses built-in windows security features to authenticate user.
Forms Authentication: authenticate against a
customized list of users or users in a database.
Passport Authentication: validates against Microsoft
Passport service which is basically a centralized authentication service.
Authentication it is the process of ensuring the users
identity and authenticity. ASP.Net allows four types of authentication system:
Traditionally forms based authentication involves editing
the Web.Config file and adding a login page with appropriate authentication
The Web.Config file could be edited and the following codes
written on it:
<forms loginUrl =”login.aspx”/>
Implementing Forms-Based Security:
To set up forms based authentication, the following things
A database of users to support the authentication process
A website that uses the database
Restriction of users’ and group activities
A default page, which will display the login status of the
users and other information
A login page, which will allow users to log in, retrieve
password or change password
To create users take the following steps:
Choose Website -> ASP.Net Configuration to open the Web Application
Step 2 :
Click on the Security tab:
Select the authentication type to Forms based authentication by selecting the From
the Internet radio button.
Click on Create Users link to create some users. If you already had created
roles, you could assign roles to the user, right at this stage.
Create a web site and add the following pages:
Step 6 :
Place a LoginStatus control on the Welcome.aspx from the login section of the
toolbox. It has the templates: Logged in and Logged out.
In Logged out template, there is a login link and in the
Logged in template, there is a logout link on the control. You can change the
login and logout text properties of the control from the Properties window.
Login Status control
Place a LoginView control from the toolbox below the LoginStatus control. Here
you can put texts and other controls (hyperlinks, buttons etc), that will be
displayed based on whether the user is logged in or not.
This control has two view templates: Anonymous template and
Logged in template. Select each view and write some text for the users to be
displayed for each template. The text should be placed on the area marked red.
Login View control
The users for the application are created by the developer. You might want to
allow a visitor to the site create a user account. For this, add a link beneath
the LoginView control, which should link to the CreateAccount.aspx page.
Place a CreateUserWizard control on the create account page. Set the
ContinueDestinationPageUrl property of this control to Welcome.aspx.
Step 10: Create
the Login page. Place a Login control on the page. The LoginStatus control
automatically links to the Login.aspx. To change this default, make the
following changes in the web.config file.
For example, if you want to name your log in page as
signup.aspx, add the following lines to the <authentication> section of
<forms loginUrl =”signup.aspx” defaultUrl = welcome.aspx />
check more post on security in .net here