Focus on Microsoft Technologies - Tutorials, Articles, Code Samples.

Thursday, September 14, 2006

ASP.NET security By Yashavant Kanetkar

ASP.NET security

The C# Column - Yashawant Kanetkar

ASP.NET security is mostly concerned with building secure sites that serve up pages only to authorised users. There are certain sites on the Net that require login before displaying certain pages. These sites must implement some application level security to identify authorised users. This application level security is provided using ASP.NET. It works in conjunction with IIS, the .NET platform and the underlying operating system security services.

Whenever a client tries to connect to a website, it has to make a request to the Web server for a particular page. This request is known as a ‘Web request’. To implement security at the application level, the application needs to take two actions—identify the person who has made the request to the Web server, and specify who can access which pages.

This action of identifying the caller of the Web page is known as authentication. Once authentication is done, it is decided which pages the caller can view. This is known as authorisation. ASP.NET supports four types of authentication and authorisation mechanisms.

  • Windows authentication
  • Passport authentication
  • Forms authentication

Find More

Post a Comment