Page 248 - DCAP312_WEB_TECHNOLOGIES_II
P. 248
Web Technologies-II
Notes The mode is set to one of the authentication modes: Windows, Forms, Passport, or None. The
default is Windows. If the mode is None, ASP.NET does not apply any additional authentication
to the request - this can be useful when we want to implement a custom authentication scheme,
or if we are solely using anonymous authentication and want the highest possible level of
performance.
The authentication mode cannot be set at a level below the application root directory. As is
the case with other ASP.NET modules, subdirectories in the URL space inherit authentication
modules unless explicitly overridden.
Web Site Administration tool was first introduced with ASP.NET 2.0 along
with ASP.NET Microsoft Management Console (MMC) Snap-in.
12.2.1 Security Relationship between IIS and ASP.NET
IIS maintains security-related configuration settings in the IIS metabase. However, ASP.NET
maintains security (and other) configuration settings in XML configuration files. While this
generally simplifies the deployment of your application from a security standpoint, the security
model adopted by your application will necessitate the correct configuration of both the IIS
metabase and your ASP.NET application via its configuration file (Web.config). (See Figure 12.4)
Figure 12.4: Security Relationship between IIS and ASP.NET
242 LOVELY PROFESSIONAL UNIVERSITY
