In this article, we will discuss Authentication and Authorization in Asp.Net.
This is the process of determining users identities and forcing those users to prove they are who they claim to be. Normally user enters credentials against a long page and then they are authenticated against the Windows user accounts on a computer, a list of users in a file, or a back-end database.
To secure asp.net website, you can use two types of authentication.
1- Forms Authentication:
Forms authentication works in conjunction with a database where you store user information like username or password. But you also can store user information in anywhere else.
To implement Forms Authentication follow these three steps:
– Set the authentication mode to forms authentication in the web.config file.
– Restrict anonymous users from a specific page or directory in your application.
– Create the login page.
2- Windows authentication:
With Windows authentication, the web server forces every user to log in as a Windows user. Here all users should have Windows user accounts on the server.
To implement Windows authentication follow below steps:
– Set the authentication mode to Windows authentication in the web.config file.
– Disable anonymous access for a directory by using an authorization rule.
– Configure the Windows user accounts on your web server.
Authorization is the process of determining whether that user has sufficient permission to perform a given action such as viewing a page or retrieving information from a database. But provided the user should have been authenticated before.
Also, you can check out
You May Also like the Following SharePoint Tutorials: