Membership_RoleManagement(Additional reference).pptx - urs...


Authentication & Authorization
Forms Authentication, Users, Roles, Membership
Ventsislav Popov
Telerik Software Academy
academy.telerik.com
Software Developer
aspnetcourse.telerik.com

Table of Contents
1. Basic principles
2. Authentication Types
   - Windows Authentication
   - Forms Authentication
   - Passport Authentication
3. Users & Roles
4. Membership and Providers
5. Login / Logout Controls

Basics
- Authentication
  - The process of verifying the identity of a user or computer
  - Questions: Who are you? How do you prove it?
  - Credentials can be password, smart card, etc.
- Authorization
  - The process of determining what a user is permitted to do on a computer or network

Windows and Form Authentication in ASP.NET
Authentication Types in ASP.NET
- Windows Authentication
  - Uses Active Directory / Windows accounts
- Forms Authentication
  - Uses traditional login / logout pages
  - Code associated with a Web form handles user authentication by username / password
  - Users are usually stored in a database

Windows Authentication
- In Windows Authentication mode the Web application uses the same security scheme that applies to your Windows network
- Network resources and Web applications use the same:
  - User names
  - Passwords
  - Permissions
- It is the default authentication when a new Web site is created

Windows Authentication (2)
- The user is authenticated against his username and password in Windows
  - NTLM or Kerberos authentication protocol
- When a user is authorized:
  - Application executes using the permissions associated with the Windows account
  - The user's session ends when the browser is closed or when the session times out

Windows Authentication (3)
- Users who are logged on to the network
  - Are automatically authenticated
  - Can access the Web application
- To set the authentication to Windows add to the Web.config:

    <authentication mode="Windows" />

- To deny anonymous users add:

    <authorization>
      <deny users="?"/>
    </authorization>

Windows Authentication (4)
- The Web server should have NTLM enabled:

    HTTP request:   GET /Default.aspx HTTP/1.1
    HTTP response:  HTTP/1.1 401 Unauthorized
                    WWW-Authenticate: NTLM
    HTTP request:   GET /Default.aspx HTTP/1.1
                    Authorization: NTLM tESsB/yNY3lb6a0L6vVQEZNqwQn0s
    HTTP response:  HTTP/1.1 200 OK
                    <html> … </html>

Windows Authentication Live Demo
Forms Authentication
- Forms Authentication uses a Web form to collect login credentials (username / password)
- Users are authenticated by the C# code behind the Web form
- User accounts can be stored in:
  - Web.config file
  - Separate user database
- Users are local for the Web application
  - Not part of Windows or Active

Forms Authentication (2)
- Enabling forms authentication:
  - Set authentication mode in the Web.config to "Forms"

      <authentication mode="Forms" />

  - Create a login ASPX page
  - Create a file or database to store the user credentials (username, password, etc.)
  - Write code to authenticate the users against the users file or database

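Added example, not part of the original slides: one way to write the last step above in a Login.aspx code-behind, checking a salted PBKDF2 hash before issuing the forms-authentication cookie. The class name LoginPage, the controls UserName, Password and Message, and the in-memory Users store standing in for the users database are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Web.Security;

// Hypothetical code-behind for Login.aspx. UserName, Password (TextBox) and
// Message (Label) are assumed to be declared in the page markup.
public partial class LoginPage : System.Web.UI.Page
{
    private const int Iterations = 100000; // constructed value for this example

    // Constructed stand-in for the users database: name -> (salt, hash).
    // Only the salted hash is stored, never the password itself.
    private static readonly Dictionary<string, Tuple<byte[], byte[]>> Users =
        new Dictionary<string, Tuple<byte[], byte[]>>(StringComparer.OrdinalIgnoreCase);

    public static void Register(string user, string password)
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        Users[user] = Tuple.Create(salt, Hash(password, salt));
    }

    private static byte[] Hash(string password, byte[] salt)
    {
        // PBKDF2; this constructor overload uses HMAC-SHA1.
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
            return kdf.GetBytes(32);
    }

    public static bool Verify(string user, string password)
    {
        Tuple<byte[], byte[]> rec;
        if (!Users.TryGetValue(user, out rec)) return false;
        byte[] actual = Hash(password, rec.Item1);
        int diff = 0; // compare every byte, no early exit on first mismatch
        for (int i = 0; i < actual.Length; i++) diff |= actual[i] ^ rec.Item2[i];
        return diff == 0;
    }

    protected void LoginButton_Click(object sender, EventArgs e)
    {
        if (Verify(UserName.Text, Password.Text))
            // Issues the authentication cookie and redirects to ReturnUrl.
            FormsAuthentication.RedirectFromLoginPage(UserName.Text, false);
        else
            Message.Text = "Invalid username or password."; // same text for both failures
    }
}
```
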
Configuring
