DCAP312_WEB_TECHNOLOGIES_II
Unit 12: Security and Membership
True or False
4. ASP.NET helps protect the database from public access.
(a) True (b) False
5. IIS authentication is not used by the application, but IIS authentication settings are
important to the ASP.NET forms authentication process.
(a) True (b) False
12.2 ASP.NET Authentication
Authentication is the process of obtaining identification credentials such as name and password
from a user and validating those credentials against some authority. If the credentials are valid,
the entity that submitted the credentials is considered an authenticated identity. Once an identity
has been authenticated, the authorization process determines whether that identity has access
to a given resource.
Authentication is the process by which we obtain identification credentials such as the user’s
name and password and validate those credentials against some authority.
ASP.NET gives us more control to implement security for an application. ASP.NET security
works in conjunction with Microsoft Internet Information Services (IIS) security and includes
authentication and authorization services to implement the ASP.NET security model. ASP.NET
also includes a role-based security feature that we can implement for both Microsoft Windows
and non-Windows user accounts.
ASP.NET implements authentication through authentication providers, the code modules that
contain the code necessary to authenticate the requestor’s credentials. ASP.NET supports the
authentication providers described in Table 12.2.
Table 12.2: ASP.NET Authentication Provider

| ASP.NET authentication provider | Description |
|---|---|
| Forms authentication | A system by which unauthenticated requests are redirected to an HTML form using HTTP client-side redirection. The user provides credentials and submits the form. If the application authenticates the request, the system issues a cookie that contains the credentials or a key for reacquiring the identity. Subsequent requests are issued with the cookie in the request headers; they are authenticated and authorized by an ASP.NET event handler using whatever validation method the application developer specifies. |
| Passport authentication | Centralized authentication service provided by Microsoft that offers a single logon and core profile services for member sites. |
| Windows authentication | ASP.NET uses Windows authentication in conjunction with Microsoft Internet Information Services (IIS) authentication. Authentication is performed by IIS in one of three ways: Basic, digest, or Integrated Windows Authentication. When IIS authentication is complete, ASP.NET uses the authenticated identity to authorize access. |
To enable an authentication provider for an ASP.NET application, we only need to create an
entry in the application configuration file as follows:
<!-- Web.config file: this element goes inside <configuration><system.web> -->
<authentication mode="[Windows|Forms|Passport|None]" />
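The following check is an added example, not code from the original text: it audits the authentication entry described above and flags settings that weaken Forms authentication. The two sample Web.config files, the `~/Login.aspx` path and the function name `audit_web_config` are constructed for illustration; the check reads only the top-level `<system.web>` section and ignores `<location>` overrides.

```python
import xml.etree.ElementTree as ET

# Constructed sample Web.config files (not from the page): weak vs. hardened.
WEAK = """<configuration><system.web>
  <authentication mode="Forms">
    <forms loginUrl="~/Login.aspx" protection="None" cookieless="UseUri" />
  </authentication>
</system.web></configuration>"""

HARDENED = """<configuration><system.web>
  <authentication mode="Forms">
    <forms loginUrl="~/Login.aspx" protection="All" requireSSL="true"
           cookieless="UseCookies" timeout="20" />
  </authentication>
  <authorization><deny users="?" /></authorization>
</system.web></configuration>"""


def audit_web_config(xml_text):
    """Return findings for the authentication settings of one Web.config."""
    web = next(ET.fromstring(xml_text).iter("system.web"), None)
    auth = web.find("authentication") if web is not None else None
    if auth is None:
        return ["no <authentication> element: mode is inherited from a parent config"]
    findings = []
    mode = auth.get("mode", "Windows")  # ASP.NET default when omitted
    if mode == "None":
        findings.append("mode=None: ASP.NET performs no authentication")
    if mode == "Forms":
        forms = auth.find("forms")
        attrs = forms.attrib if forms is not None else {}
        # Second argument of get() is the ASP.NET default for an omitted attribute.
        if attrs.get("protection", "All") != "All":
            findings.append("protection: ticket cookie not both encrypted and validated")
        if attrs.get("requireSSL", "false").lower() != "true":
            findings.append("requireSSL: ticket cookie may travel over plain HTTP")
        if attrs.get("cookieless", "UseDeviceProfile") != "UseCookies":
            findings.append("cookieless: ticket may be carried in the URL")
    # Without a rule denying "?" (anonymous), nobody is sent to the login form.
    denied = [u.strip() for d in web.findall("authorization/deny")
              for u in d.get("users", "").split(",")]
    if "?" not in denied and "*" not in denied:
        findings.append('authorization: no <deny users="?"> rule')
    return findings


if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_web_config(cfg))
```

The last check matters because the redirect to the login form only happens when an authorization rule rejects the anonymous user; setting `mode="Forms"` alone leaves every page reachable without logging in.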
LOVELY PROFESSIONAL UNIVERSITY