In this blog post, I explain role-based security and cryptography in .NET.
Role-Based Security in .NET
1. Use forms authentication to obtain and validate user credentials.
2. Create FormsAuthenticationTicket objects based on the name and roles retrieved from the data store.
3. Use the GenericPrincipal class, which provides the role-based authorization checking functionality. ASP.NET requires it to be stored in HttpContext.User to relate it to the current application HTTP request.
4. Use these objects to make authorization decisions.
5. .NET Framework provides support for the implementation of role-based security which consists of Authentication (identity) and Authorization (rights).
6. .NET provides access to the user through an identity object, and to authorization checks through the principal object.
7. Identities correspond to users and their properties. Identity classes belong to the System.Security.Principal namespace.
8. Roles are strings of role names added to a principal to associate the current user with their assigned roles.
Cryptography is a method used to protect information and data from other parties that might use that data for any illegal activity.
ASP.NET provides a class named Crypto in the System.Web.Helpers namespace.
Using the Crypto Class
The Crypto class contains simplified versions of cryptographic functions.
The class is a static class, which means you cannot create an instance of this class.
Using the Methods
1. String GenerateSalt()
This method generates a new salt to be added to the input string before the hashing process starts.
2. String Hash()
This function hashes the input string using the default algorithm (SHA-256), or the caller can pass the name of the algorithm that ASP.NET should use for the hash.
3. String HashPassword()
This function returns an RFC 2898 hash value of the input string passed by the user.
4. String SHA1()
Return the SHA1 hashed value for the input string provided.
5. String SHA256()
Returns the hashed value for the input string provided; the algorithm used is SHA-256.
6. Bool VerifyHashedPassword()
This method checks the password sent by the user against the stored hashed password.
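The role-based steps 1 to 4 and the Crypto password methods, put together as an added example that is not code from the original post. The class and method names (RoleTicketExample, SignIn, AttachPrincipal, CanManageUsers), the sample password, the "Admin" and "Editor" roles, the "|" separator and the 20-minute lifetime are assumptions made for illustration.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Helpers;
using System.Web.Security;

public static class RoleTicketExample
{
    // Constructed sample data standing in for the data store (hypothetical).
    static readonly string StoredHash = Crypto.HashPassword("constructed-sample-password");
    static readonly string[] StoredRoles = { "Admin", "Editor" };

    // Steps 1-2: validate the credentials, then issue a ticket that carries the roles.
    public static bool SignIn(HttpContext ctx, string user, string password)
    {
        if (!Crypto.VerifyHashedPassword(StoredHash, password)) return false;
        var ticket = new FormsAuthenticationTicket(
            1, user, DateTime.Now, DateTime.Now.AddMinutes(20),
            false, string.Join("|", StoredRoles));
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;
        cookie.Secure = true; // assumption: the site is served over HTTPS
        ctx.Response.Cookies.Add(cookie);
        return true;
    }

    // Step 3: call from Application_AuthenticateRequest in Global.asax.
    public static void AttachPrincipal(HttpContext ctx)
    {
        HttpCookie cookie = ctx.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return;
        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { return; } // tampered or undecryptable cookie: stay anonymous
        if (ticket == null || ticket.Expired) return;

        string[] roles = ticket.UserData.Split(
            new[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
        ctx.User = new GenericPrincipal(new FormsIdentity(ticket), roles);
    }

    // Step 4: authorization decision made against the principal.
    public static bool CanManageUsers(IPrincipal user)
    {
        return user != null && user.Identity.IsAuthenticated && user.IsInRole("Admin");
    }
}
```

Roles copied into the ticket stay in effect until the ticket expires, so a role removed in the data store is not reflected until the user signs in again.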