  1. Authentication is the process of checking a user's credentials (or) the process of getting the credentials of the client.
  2. User credentials can be a username and password.
  3. Any user who has a username and password is called an authenticated user.


  1. Authorization is the process of verifying credentials to provide access to a resource. (or)
  2. It is the process of assigning roles and responsibilities to authenticated users.
  3. Only authenticated users can be authorized.

ASP.NET supports 3 types of authentication:

  • i) Windows Based Authentication
  • ii) Forms Based Authentication
  • iii) Passport Based Authentication

i) Windows Based Authentication

Authenticating the client based on network-level login parameters is called "Windows Based Authentication". This security can be applied only to an organization's private website (e.g. a bank).

ii) Forms Based Authentication

Authenticating the client through a custom login page that verifies credentials against a database is called Forms Based Authentication.
This is applicable to both private and public websites.
It requires the following settings in the web.config file:

 <authentication mode="Forms">
   <forms name="" loginUrl="" timeout="" cookieless="" />
 </authentication>
 <authorization>
   <deny users="*"></deny>
   <deny users="?"></deny>
 </authorization>

* - means all users: with deny, nobody is allowed to access the web application, whether authenticated or not
? - means anonymous users: with deny, only authenticated users are allowed

Forms Tag Attributes

  1. name - by default the security token is provided in the form of a cookie; the default cookie name is .ASPXAUTH, and it can be changed using the name attribute of the forms tag.
  2. loginUrl - an unauthenticated client will be redirected to the loginUrl page.
  3. timeout - specifies the lifetime of the cookie; the default is 30 minutes.
  4. cookieless - if it is true, the security token will be appended to the URL.

Creating ASP.NET Website to Implement Forms Based Authentication Security

  1. Open Visual Studio -> File -> New -> Website.
  2. Select Website Template -> Name it and click on the OK button
  3. Solution Explorer -> Right Click -> Select -> Add New Item -> Choose WebForm -> Name - Default.aspx -> Click on Add Button
  4. Similarly, add another WebForm -> Name - welcome.aspx, following the step above

Add this code to the Web.config file and then go to Default.aspx.

<?xml version="1.0"?>
<!-- For more information on how to configure your ASP.NET application, please visit -->
<configuration>
  <system.web>
    <compilation debug="false" targetFramework="4.0" />
    <authentication mode="Forms">
      <forms name="c1" loginUrl="default.aspx"></forms>
    </authentication>
    <authorization>
      <deny users="?"></deny>
    </authorization>
  </system.web>
</configuration>
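
An added example, not from the original post: a Python check that reads a web.config and flags the settings discussed above (token placed in the URL, cookie lifetime, attribute casing, no deny rule for anonymous users). The sample file, the 30-minute limit and the function name are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the page): token in the URL, long-lived, open to all.
SAMPLE = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name="c1" loginUrl="default.aspx" timeout="600" cookieless="UseUri" />
    </authentication>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</configuration>"""

PAGE_ATTRS = ("name", "loginUrl", "timeout", "cookieless")  # attributes listed above
URL_TOKEN_MODES = {"useuri", "true"}  # "true" as the page words it; UseUri is the enum name
MAX_TIMEOUT_MINUTES = 30              # assumed policy limit, equal to the default

def audit_forms_auth(xml_text):
    """Return findings (strings) for the Forms authentication settings."""
    web = ET.fromstring(xml_text).find("system.web")
    auth = web.find("authentication") if web is not None else None
    if auth is None or auth.get("mode") != "Forms":
        return ["authentication: mode is not Forms"]
    forms = auth.find("forms")
    attrs = dict(forms.attrib) if forms is not None else {}
    findings = []
    # web.config attribute names are case-sensitive: loginurl is not loginUrl.
    for found in attrs:
        for known in PAGE_ATTRS:
            if found != known and found.lower() == known.lower():
                findings.append("%s: wrong casing, expected %s" % (found, known))
    if attrs.get("cookieless", "").lower() in URL_TOKEN_MODES:
        findings.append("cookieless: security token is appended to the URL")
    timeout = attrs.get("timeout", "")
    if timeout.isdigit() and int(timeout) > MAX_TIMEOUT_MINUTES:
        findings.append("timeout: cookie lifetime is %s minutes" % timeout)
    # Rules are read top-down; the first one matching anonymous users decides.
    rules = web.find("authorization")
    first = next((r.tag for r in (rules if rules is not None else [])
                  if r.tag in ("allow", "deny") and r.get("users") in ("?", "*")), None)
    if first != "deny":
        findings.append("authorization: anonymous users are not denied")
    return findings

if __name__ == "__main__":
    for finding in audit_forms_auth(SAMPLE):
        print(finding)
```

The configuration with `<deny users="?">` and a cookie-based token returns no findings.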

