Authentication and Security Mechanisms in Web Applications


Posted Date: 29 May 2008    Resource Type: Articles    Category: Web Applications

Posted By: Bharathidasan       Member Level: Silver



Web Application Security


ASP.NET applications have several important features that can be configured. Permissions for Web applications are regulated by the .NET Framework. Each Web application comprises a number of assemblies, each of which may be granted different security permissions by the CLR. How these permissions are established is determined by the configuration of the .NET Framework on the server that executes the applications.

Authentication


Authentication refers to the method the server uses to verify the client's identity. ASP.NET provides a set of standardized, reusable authentication methods that require little or no modification. The methods available to developers are:

Windows Authentication:
Attempts to verify users by validating the supplied credentials with the authentication methods of the Windows operating system. These include NTLM (NT LanMan) and Kerberos (for systems running versions more current than Windows NT 4.0). Windows authentication is used by default if no method is explicitly selected.
IIS Authentication:
Uses the authentication methods provided by the IIS Web server.
Passport Authentication:
Verifies users through the Microsoft Passport authentication server.
Forms Authentication:
Allows application developers to provide a form for authenticating users in a standardized way. User accounts can be made specific to the application and stored in the web.config file.

Authorization


Authorization determines who is allowed to access specific application resources, whereas authentication is concerned with verifying the user through one of the aforementioned mechanisms. The purpose of authorization is to provide an easy way to apply access controls to Web applications. Authorization can be performed in two different ways:
Users:
A user or list of users can be explicitly allowed or denied access to the application.
Roles:
A role or list of roles can be explicitly allowed or denied access to the application. Any user associated with the role has the corresponding policy applied to them. Policies written with roles rather than users are preferable, because administration is simpler and the policy does not need constant updating.
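
The forms authentication and role-based authorization described above can be expressed together in one web.config. The following is an added example, not configuration from the original article; the cookie name, login page, user name, role names and the Admin folder are assumptions, and the password value is a placeholder.

```xml
<!-- Added example web.config; all names and paths here are assumptions. -->
<configuration>
  <system.web>
    <!-- Forms authentication: the application supplies its own login page. -->
    <authentication mode="Forms">
      <!-- requireSSL keeps the ticket cookie off plain HTTP;
           protection="All" encrypts and validates the ticket. -->
      <forms name=".EXAMPLEAUTH"
             loginUrl="~/Login.aspx"
             protection="All"
             requireSSL="true"
             slidingExpiration="false"
             timeout="20">
        <!-- Weak setting, shown for contrast only. Clear leaves readable
             passwords in the file for anyone who can read web.config:
             <credentials passwordFormat="Clear">
               <user name="alice" password="constructed sample" />
             </credentials>
             The hashed form below is unsalted, so it suits only a small
             account list; a store outside web.config is the alternative. -->
        <credentials passwordFormat="SHA1">
          <user name="alice" password="PLACEHOLDER_SHA1_HEX_DIGEST" />
        </credentials>
      </forms>
    </authentication>

    <!-- Rules are evaluated top to bottom and the first match wins, so the
         closing deny is what turns the allow rule into an allow-list. -->
    <authorization>
      <allow roles="Staff" />
      <deny users="*" />
    </authorization>
  </system.web>

  <!-- A stricter role policy for one folder, still written against roles
       rather than individual user names. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

The role rules only take effect when something assigns roles to the authenticated user, such as a role provider, which is assumed here and not shown.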





Responses

Author: Mahesh Raj    07 Jun 2008    Member Level: Gold    Points: 1
This is very good information. Continue posting such useful articles.


Author: John Fernandez    08 Jun 2008    Member Level: Gold    Points: 1
Very well written article. Thanks for sharing this information.

