Describe how the ASP.NET authentication process works.

Describe how the ASP.NET authentication process works.

ASP.NET runs inside the process of IIS due to which there are two authentication layers which exist in the system.

First authentication happens at the IIS level and the second at ASP.NET level per the WEB.CONFIG file.


At first, IIS ensures that the incoming request is from an authenticated IP address. Otherwise the request is rejected.

By default IIS allows anonymous access due to which requests are automatically authenticated.

However, if this is changed, IIS performs its own user authentication too. checks if impersonation is enabled if a request is passed to by an authenticated user. If it is enabled, acts itself as an authenticated user else it acts with its own configured account.

Finally the OS resources are requested by the identity obtained from previous step.
The user is granted the resources if the authentication is successful else the resources are denied.

Resources can include page, code access security features to extend authorization step to disk files, registry keys, etc.

What is Authentication in ASP.NET?

The process of identifying a user through the use of an ID and a password is known as Authentication.

The ASP.Net authentication providers are as follows:

Windows Authentication Provider:
It is in conjunction with Microsoft Internet Information Services (IIS) authentication to secure ASP.NET applications

Forms Authentication Provider:
It is an application-specific login form which performs authentication using user code.

Passport Authentication provider:
It is a centralized authentication service provided by Microsoft that offers a single login and core profile service for member sites.

Explain the various authentication mechanisms in ASP.NET.

ASP.NET supports 3 authentication mechanisms:

Windows Authentication:
This is used for an intranet based application. Used to authenticate domain users within a network. By default windows authentication is used.

Form Authentication:
It’s a custom security based on roles and user accounts created specifically for an application.

Passport Authentication:
This is based on hotmail passport account.
Explain the ways of authentication techniques in ASP.NET
Selection of an authentication provider is done through the entries in the web.config file for an application.....
Windows authentication in ASP.NET
If windows authentication mode is selected for an ASP.NET application, then authentication also needs to be configured within IIS since it is provided by IIS....
Passport authentication in ASP.NET
Passport authentication provides authentication using Microsoft’s passport service....
Post your comment