Authentication and authorization in asp.net
Authentication is the process that determines the identity of a user after a user has been authenticated, a developer can determine if the identified use has authorization to proceed.
Authorization is the process of determining whether an authenticated user is permitted access to other any part of application or access to specific data view that application provides.
There are three types of authentication method is provided by the asp.net users.
- Windows Authentication –Basic, Digest .
- Forms Authentication.
- Passport and integrated authentication.
Windows authentication is used together with IIS authentication. When IIs Authentication is complete,ASP.NET uses the authenticated identity to authorize access. This is default settings.
In forms authentication request that are no authenticated are redirect to an html form using HTTP client side redirection. The user provides his login information and submits the form. If application the request, the system issues a form that contains credentials or a key or a identity
It is a centralized authentication service provided by Microsoft that offers single login and core profile services for member sites. This mode of authentication was de-emphasized by Microsoft at the end of 2004 year.
How to set authentication in web.config:
You can set the authentication mode in web.config as follows.