It is the process that determines the identity of a user. Whenever a user logs
on to an application, the user is first authenticated and then authorized. It
is the process by which the system validates a user's logon information.
Authorization determines whether a particular user should be granted access to a
specific resource or not. In another word you can say it is a process of
granting approval or permission on resources.
The ASP.NET Framework supports following types of authentication:
NET Passport Authentication
You can use these different authentication modes by applying the settings to the
application’s web.config file or in conjunction with the application server’s
Internet Information Services (IIS) instance. A web.config file is another
XML-based configuration file that resides in the root directory of the Web
application. The settings applied in the web.config file override the same
settings applied in the higher-level machine.config file. These XML-based files
enable you to easily change how ASP.NET behaves.
The <authentication> Node in web.config file
You can enable a particular type of authentication for an application in an
application’s root web configuration file.
It is the default authentication mode in ASP.NET. Windows authentication is
used together with IIS authentication. It can be is performed by IIS in the
following ways: • Basic • Digest • Integrated Windows Authentication
The user provides his login information and submits the form. If the
information is correct then, the system issues a form that contains the
credentials or a key for getting the identit
A centralized authentication service provided by Microsoft that offers single
login and core profile services for member sites. MSN and Hotmail uses the
No authentication mode is applied.
Windows authentication is useful in an intranet environment (Within the
organization). In a Windows-based authentication model, the requests go
directly to IIS to provide the authentication process.
Allowing a single user through the web.config file
In the above given example only user name “CrrerRide” will allow to use the
resource and all other user users will deny to access.
The <allow> and <deny> nodes supports the following attributes.
You can specify users by their domain and/or name.
Provides the role for groups that are allowed or denied access.
It is the HTTP transmission method that is allowed or denied access.
Forms-based authentication authenticates the user who wants to access an entire
application or specific resources within an application. It is based on cookies
where the user name and the password are stored either in a text file or the
database. After a user is authenticated, the user’s credentials are stored in a
cookie for use in that session.
Using forms-based authentication in your Web application is easy and simple the
first step is to modify the web.config file in your application as given below.
The web configuration file contains a forms element that contains a credentials
element. The credentials element includes a usernames and passwords. The
question mark (?) symbol represents the all anonymous users.
Create an asp.net page name Login.aspx
Login.aspx has two simple TextBox controls and a Button control named as
txtUserName, txtPassword and btnLogin respectively. When you click the Login
button, the btnLogin_Click () method executes, and the FormsAuthentication.
Authenticate () method checks whether the username and password entered into
the TextBox controls match a username and password in the web configuration
file. If the user successfully authenticates, the FormsAuthentication.
RedirectFromLoginPage () method is called.
protected void btnLogin_Click (object sender, EventArgs e)
FormsAuthentication.RedirectFromLoginPage (txtUserName. Text, true);
lblError.Text = “User name or password is wrong”;
It is a centralize service provided by Microsoft. Passport Authentication allows
users to create a single registration and get the user name and password to
access any site that has implemented the Passport Authentication service. MSN
and Hotmail uses the passport authentication. If you have done registration in
MSN then you can access Hotmail with same user name and password without
registration in Hotmail.
Implementation of .NET Passport Authentication Service
Download the Microsoft .NET Passport SDK from the Microsoft Site.
Register your application in .NET Service Manager.
Get the SiteID and Application key after registering your application with .NET