Answer Posted / anandkbs
Windows authentication and IIS
If you select windows authentication for your ASP.NET
application, you also have to configure authentication
within IIS. This is because IIS provides Windows
authentication. IIS gives you a choice for four different
authentication methods:
Anonymous, basic digest, and windows integrated
If you select anonymous authentication, IIS doesn't perform
any authentication, Any one is allowed to access the ASP.NET
application.
If you select basic authentication, users must provide a
windows username and password to connect. How ever this
information is sent over the network in clear text, which
makes basic authentication very much insecure over the internet.
If you select digest authentication, users must still
provide a windows user name and password to connect. However
the password is hashed before it is sent across the network.
Digest authentication requires that all users be running
Internet Explorer 5 or later and that windows accounts to
stored in active directory.
If you select windows integrated authentication, passwords
never cross the network. Users must still have a username
and password, but the application uses either the Kerberos
or challenge/response protocols authenticate the user.
Windows-integrated authentication requires that all users be
running internet explorer 3.01 or later Kerberos is a
network authentication protocol. It is designed to provide
strong authentication for client/server applications by
using secret-key cryptography. Kerberos is a solution to
network security problems. It provides the tools of
authentication and strong cryptography over the network to
help to secure information in systems across entire enterprise
Passport authentication
Passport authentication lets you to use Microsoft's passport
service to authenticate users of your application. If your
users have signed up with passport, and you configure the
authentication mode of the application to the passport
authentication, all authentication duties are offloaded to
the passport servers.
Passport uses an encrypted cookie mechanism to indicate
authenticated users. If users have already signed into
passport when they visit your site, they'll be considered
authenticated by ASP.NET. Otherwise they'll be redirected to
the passport servers to log in. When they are successfully
log in, they'll be redirected back to your site
To use passport authentication you have to download the
Passport Software Development Kit (SDK) and install it on
your server. The SDK can be found at
http://msdn.microdoft.com/library/default.asp?url=/downloads/list/websrvpass.aps.
It includes full details of implementing passport
authentication in your own applications.
Forms authentication
Forms authentication provides you with a way to handle
authentication using your own custom logic with in an
ASP.NET application. The following applies if you choose
forms authentication.
1. When a user requests a page for the application,
ASP.NET checks for the presence of a special session cookie.
If the cookie is present, ASP.NET assumes the user is
authenticated and processes the request.
2. If the cookie isn't present, ASP.NET redirects the
user to a web form you provide
3. You can carry out whatever authentication, checks you
like in your form. When the user is authenticated, you
indicate this to ASP.NET by setting a property, which
creates the special cookie to handle subsequent requests.
| Is This Answer Correct ? | 8 Yes | 0 No |
Post New Answer View All Answers
Is it possible to change the index of primary key on table?
Define satellite assemblies.
Name some asp objects?
Which is faster viewdata or viewbag?
What are the cookies types in asp.net?
Explain the difference between panel and groupbox classes using .net?
Is it possible to migrate visual interdev design-time controls to asp.net?
What is difference between asp.net and asp?
Define session in asp.net.
How does session state work in asp.net?
Explain exception filters?
Is session stored in browser?
What is scope of an application variable in asp.net?
Explain managed code an un-managed code.
Which is the parent class of the ASP.NET server control?
