- Authentication is a process of Checking user Credentials (or) Authentication is the process of getting credentials of client.
- User Credentials can be Username and Password.
- Any User who is having Username and Password is called Authenticated.
- Authorization is the process of verifying credentials to provide access to resource. (or)
- It is a process of assigning Roles and Responsibilities for the Authenticated User's.
- Only Authenticated User's can be Authorized.
Asp.net Support 3 types of Authentications :
- i) Windows Based Authentication
- ii) Forms Based Authentication
- iii) Passport Based Authentication
i) Widnows Based Authentication
Authenticating client based on Network Level login parameters is called "Windows Based Authentication". This security can be applied only to Private Website Organization (eg:- Bank...)
ii) Forms Based Authentication
Authenticating client based on custom login page verifying credentials with database is called Forms Based Authentication.
This is applicable to private and public website.
for this requires settings in web.config files
<authentication mode="Forms"> <forms name="" loginurl="" timeout="" cookieless="" /> </authentication> <authorization> <deny users="*"></deny> <deny users="?"></deny> </authorization>
* - means doesn't allow to access web application from anyone, even if he's authenticated user or not
? - means allow only authenticated users
Forms Tag Attributes
- name - by default securityToken will be provided in the form of cookies, default cookie name is .aspxauth, this can be changed using name attribute of forms tag.
- loginurl - unauthenticated client will be redirected to loginurl page.
- timeout - it will specify life time of cookies default is 30 minutes.
- cookies - if it is true, then securityToken will be appended to url
Creating ASP.NET Website to Implement Forms Based Authentication Security
- Open Visual Studio -> File -> New -> Website.
- Select Asp.net Website Template --> Name it and click on OK Button
- Solution Explorer -> Right Click -> Select -> Add New Item -> Choose WebForm -> Name - Default.aspx -> Click on Add Button
- Simillarly Add Another WebForm -> Name - welcome.aspx Just follow the above step
Add this code in Web.Config file and then after go to Default.aspx.
<?xml version="1.0"?> <!-- For more information on how to configure your ASP.NET application, please visit http://go.microsoft.com/fwlink/?LinkId=169433 --> <configuration> <system.web> <compilation debug="false" targetFramework="4.0" /> <authentication mode="Forms"> <forms name="c1" loginUrl="default.aspx"></forms> </authentication> <authorization> <deny users="?"></deny> </authorization> </system.web> </configuration>