Role-based security and cryptography in .NET
In this blog, I'm explaining role-based security and cryptography in .NET.
Role-based security in .NET
Use forms authentication to obtain and validate
Create FormsAuthenticationTicket objects based on name and roles retrieved from the data store.
Use the GenericPrincipal class, which provides the role-based authorization checking functionality. ASP.NET requires it to be stored in HttpContext.User to relate it to the current application HTTP request.
Use these objects to make authorization
The .NET Framework provides support for the implementation of role-based security, which consists of authentication (identity) and authorization (rights).
.NET provides access to the user through an identity object, and authorization access through a principal object.
Identities correspond to users and their properties. Identity classes belong to the System.Security.Principal namespace.
Roles are strings of role names added to a principal to associate the current user with their assigned roles.
Cryptography is a method used to protect information and data from other parties that might use that data for any illegal activity.
ASP.NET provides a new class, Crypto, present in
Using the Crypto Class
The Crypto class contains the simplified versions of the
The class is a static class, which means you cannot create an instance of this class.
Using the Methods
1. String GenerateSalt()
This method generates a new salt to be added to the input string before the hashing process starts.
2. String Hash()
This function hashes the input string using either the default (SHA-256) algorithm or an algorithm that the user passes for ASP.NET to use to hash the password.
3. String HashPassword()
This function returns an RFC 2898 hash value of the input string passed by the user.
4. String SHA1
Returns the SHA1 hashed value for the input
5. String SHA256
The algorithm used is SHA-256.
6. Bool VerifyHashedPassword
This method checks the password sent by the user.