Golgappa.net | Golgappa.org | BagIndia.net | BodyIndia.Com | CabIndia.net | CarsBikes.net | CarsBikes.org | CashIndia.net | ConsumerIndia.net | CookingIndia.net | DataIndia.net | DealIndia.net | EmailIndia.net | FirstTablet.com | FirstTourist.com | ForsaleIndia.net | IndiaBody.Com | IndiaCab.net | IndiaCash.net | IndiaModel.net | KidForum.net | OfficeIndia.net | PaysIndia.com | RestaurantIndia.net | RestaurantsIndia.net | SaleForum.net | SellForum.net | SoldIndia.com | StarIndia.net | TomatoCab.com | TomatoCabs.com | TownIndia.com
Interested to Buy Any Domain ? << Click Here >> for more details...

  1. Categories >> Software >> Microsoft Related >> ASP.NET
  2. Suggest New Category

Explain authentication levels in .net ?

Question Posted / anandkbs

Answer Posted / anandkbs

Windows authentication and IIS

If you select windows authentication for your ASP.NET
application, you also have to configure authentication
within IIS. This is because IIS provides Windows
authentication. IIS gives you a choice for four different
authentication methods:

Anonymous, basic digest, and windows integrated

If you select anonymous authentication, IIS doesn't perform
any authentication, Any one is allowed to access the ASP.NET
application.

If you select basic authentication, users must provide a
windows username and password to connect. How ever this
information is sent over the network in clear text, which
makes basic authentication very much insecure over the internet.

If you select digest authentication, users must still
provide a windows user name and password to connect. However
the password is hashed before it is sent across the network.
Digest authentication requires that all users be running
Internet Explorer 5 or later and that windows accounts to
stored in active directory.

If you select windows integrated authentication, passwords
never cross the network. Users must still have a username
and password, but the application uses either the Kerberos
or challenge/response protocols authenticate the user.
Windows-integrated authentication requires that all users be
running internet explorer 3.01 or later Kerberos is a
network authentication protocol. It is designed to provide
strong authentication for client/server applications by
using secret-key cryptography. Kerberos is a solution to
network security problems. It provides the tools of
authentication and strong cryptography over the network to
help to secure information in systems across entire enterprise

Passport authentication

Passport authentication lets you to use Microsoft's passport
service to authenticate users of your application. If your
users have signed up with passport, and you configure the
authentication mode of the application to the passport
authentication, all authentication duties are offloaded to
the passport servers.

Passport uses an encrypted cookie mechanism to indicate
authenticated users. If users have already signed into
passport when they visit your site, they'll be considered
authenticated by ASP.NET. Otherwise they'll be redirected to
the passport servers to log in. When they are successfully
log in, they'll be redirected back to your site

To use passport authentication you have to download the
Passport Software Development Kit (SDK) and install it on
your server. The SDK can be found at
http://msdn.microdoft.com/library/default.asp?url=/downloads/list/websrvpass.aps.
It includes full details of implementing passport
authentication in your own applications.

Forms authentication

Forms authentication provides you with a way to handle
authentication using your own custom logic with in an
ASP.NET application. The following applies if you choose
forms authentication.

1. When a user requests a page for the application,
ASP.NET checks for the presence of a special session cookie.
If the cookie is present, ASP.NET assumes the user is
authenticated and processes the request.
2. If the cookie isn't present, ASP.NET redirects the
user to a web form you provide
3. You can carry out whatever authentication, checks you
like in your form. When the user is authenticated, you
indicate this to ASP.NET by setting a property, which
creates the special cookie to handle subsequent requests.

Is This Answer Correct ?    8 Yes 0 No



Post New Answer       View All Answers


Please Help Members By Posting Answers For Below Questions

Is viewstate secure?

924

What symbol specifies the beginning of a query string?

883

What is custom events? How to create it?

1016

what are the Custom controls in asp.net?

1000

What is preprocessor in .net and type, where it use?

1134

How can you display all validation messages in one control?

949

What is the use of data set in asp.net?

919

What do you mean by marshalbyref?

1047

Define msil.

932

What is server side session?

970

What is the difference between file-based dependency and key-based dependency?

1021

What is a query string in a url?

938

What is caching in asp.net?

972

What type of code, client-side or server-side, is found in a code-behind file of a Web page?

917

What is postback pixel?

946