tell me about different authentication options present in asp.net MVC application with a suitable image.
Explain different authentication option in asp.net MVC?
346011-Feb-2020
Updated on 11-Feb-2020
forum
Home / DeveloperSection / Forums / Explain different authentication option in asp.net MVC?
Nishi Tiwari
11-Feb-2020Authentication
The Authentication of the user means to verify the identity of the user. This is important and we might need to present our application only to the authenticated users for obvious reasons.
First, create a new ASP.Net MVC application.
Click OK to continue.
When we start a new ASP.NET application, one of the steps is to configure the authentication services for application needs.
Second, select the MVC template and we will see that the Change Authentication button is now enabled.
It is done with the Change Authentication button which appears in the New Project dialog and the default authentication is Individual User Accounts.
Authentication Options
When we click the Change button, we will see a dialog with four options, which are as follows.
No Authentication
Our first option is No Authentication and this option is used when we want to build a website that doesn't care who the visitors are.
It is mainly open to anyone and every person connects as every single page. We can always change that later, but the No Authentication option means there will not be any features to identify users who are coming to visit the website.
Individual User Accounts
Our second option is Individual User Accounts and this is the traditional forms-based authentication where users can easily visit a website and also they can register, create a login, and by default their username is stored in a SQL Server database through the using of some new ASP.NET identity features.
The password is also stored in the database, but it is mainly hashed first. Since the password is hashed, we don't have to worry about plain-text passwords sitting in a database.
The option is typically used for internet sites where we want to establish the identity of a user. In addition to getting a user to create a local login with a password for our site, we can also enable logins from third parties like Microsoft, Google, Facebook, and Twitter.
It allows a user to log in to our site using their Live account or their Twitter account and they can select a local username, but we don't need to store any passwords.
It is the option that we'll spend some time within this module; the individual user accounts option.
Work and School Accounts
Our third option is to use organizational accounts and it is typically used for business applications where we will be using active directory federation services.
We will either set up Office 365 or use Azure Active Directory Services, and we have a single sign-on for internal apps and Cloud apps.
We will also need to provide an app ID so our app will need to be registered with the Windows Azure management portal if this is Azure-based, and the app ID will uniquely identify the application amongst all the applications that might be registered.
Windows Authentication
The fourth and the last option is Windows authentication, which works well for intranet applications.
The user logs into Windows desktop and can launch a browser to the application which sits inside the same firewall and ASP.NET can automatically pick up the user's identity, the one that was established by active directory and this option does not allow any anonymous access to the site, but again that is a configuration setting which can be changed.