Page 241 - DCAP312_WEB_TECHNOLOGIES_II
P. 241

Sarabjit Kumar, Lovely Professional University                           Unit 12: Security and Membership



                            Unit 12: Security and Membership                                      Notes



             CONTENTS

             Objectives
             Introduction
             12.1  ASP.NET IIS Security
                  12.1.1  Provides an of ASP.NET Security
                  12.1.2   ASP.NET Infrastructure and Subsystem Relationships, as Related to Security

             12.2  ASP.NET Authentication
                  12.2.1  Security Relationship between IIS and ASP.NET
             12.3  Summary
             12.4  Keywords

             12.5  Review Questions
             12.6  Further Readings

            Objectives

            After studying this unit, you will be able to:
               •  Understand the IIS security

               •  Discuss the ASP.NET authentication

            Introduction

            Forms  authentication uses  a substantiation ticket that is  created  when a  client logs  on  to a
            location, and then it tracks the user throughout the site. The forms authentication ticket is
            usually contained inside a cookie. However, ASP.NET version 3.5 supports cookie less forms
            authentication, which results in the ticket being passed in a query string.
            If the user requests a page that requires authenticated access and that user has not previously
            logged on to the site, then the user is redirected to a configured logon page. The logon page
            prompts the user to supply credentials, typically a user name and password. These credentials
            are then passed to the server and validated against a user store, such as a SQL Server database.
            In ASP.NET3.5, user-store access can be handled by a membership provider. After the user’s
            credentials are authenticated, the user is redirected to the originally requested page.
            Forms authentication processing is handled by the Forms Authentication Module class, which is
            an HTTP module that participates in the regular ASP.NET page-processing cycle. This document
            explains how forms authentication works in ASP.NET3.5.
            This How To shows how to use the membership feature in ASP.NET version 3.5 applications. It
            shows us how to use two different membership providers: the Active Directory Membership
            Provider and the SqlMembership Provider. The membership feature greatly reduces the amount
            of code we have to write to authenticate users at Web site. The ActiveDirectory Membership
            provider uses Microsoft Active Directory directory service to maintain user information, while
            the SqlMembership Provider stores user details in a SQL Server database.




                                             LOVELY PROFESSIONAL UNIVERSITY                                   235
   236   237   238   239   240   241   242   243   244   245   246