Basic authentication is an HTTP standard. It transmits a user name and password in each request. IIS maps the user name and password to an account on the Web server, producing an access token that can be used to perform ACL-based security checks. When IIS is configured for Basic authentication, it instructs the browser to send the user's credentials over HTTP. Passwords and user names are encoded using Base64 encoding. Although the password is encoded, Basic authentication is considered insecure because Base64 encoding is trivially reversible: anyone who can read the request can recover the credentials. The browser prompts the user with a dialog box, and then reissues the original anonymous request with the supplied credentials, including the user name and password. A pop-up logon dialog box may or may not be appropriate, depending upon user interface design requirements. Most Internet browsers support Basic authentication.

Figure-Basic Authentication
Consider Basic authentication when:
• Users have Windows NT Domain or Active Directory accounts.
• The application needs to support multiple browser types, including Netscape Navigator and all versions of Internet Explorer.
• The application needs to support authentication over the Internet.
• The application needs to access the clear text password in application code.
• The application needs to support delegation.
Do not consider Basic authentication when:
• The application requires a secure login and is not using a secure channel, such as that provided by Secure Sockets Layer (SSL).
• Users are stored in a custom database, and do not have Windows accounts.
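The challenge/response described above (a 401 carrying a Basic challenge, then the request reissued with Base64-encoded credentials), as an added Python example that is not code from the original page: it decodes the Authorization header the way any observer on an unencrypted link could, and audits a set of constructed sample requests for Basic credentials sent without SSL. The sample requests, user name and password are constructed, not taken from the page.

```python
import base64
import binascii

# Constructed sample traffic (not from the original page). The server's challenge
# would be 'WWW-Authenticate: Basic realm="..."'; the client then resends the
# request with 'Authorization: Basic base64(user:password)'.
SAMPLE_REQUESTS = [
    {"scheme": "http",  "authorization": "Basic YWxpY2U6UEBzc3cwcmQ="},
    {"scheme": "https", "authorization": "Basic YWxpY2U6UEBzc3cwcmQ="},
    {"scheme": "https", "authorization": "Negotiate oRQwEqADCgEAoQsGCSqGSIb3EgECAg=="},
    {"scheme": "http",  "authorization": "Basic not*base64"},
]


def decode_basic(header_value):
    """Return (user, password) from a Basic Authorization header, or None.

    The credentials are only Base64-encoded (RFC 7617), so anyone who can read
    the request can recover them. The split is on the FIRST colon because the
    password itself may contain colons; the user name may not.
    """
    if header_value is None:
        return None
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
        user, sep, password = raw.decode("utf-8").partition(":")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None  # malformed token: not a decodable Basic credential
    if not sep:  # RFC 7617 requires the "user:password" separator
        return None
    return user, password


def audit_requests(requests):
    """Flag requests that carry Basic credentials over plain HTTP.

    Returns (index, user) pairs; each one is a cleartext-equivalent password
    exposure of the kind the 'use SSL' rule above is meant to prevent.
    """
    findings = []
    for i, req in enumerate(requests):
        creds = decode_basic(req.get("authorization"))
        if creds is not None and req.get("scheme") != "https":
            findings.append((i, creds[0]))
    return findings
```

Running the same check against real access logs or a packet capture is the usual way to confirm that no Basic credentials are leaving a server outside an SSL/TLS session.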
We can delegate from one computer to another using Basic authentication. Delegation happens because the IIS server will log on the user locally via a call to the Win32 API LogonUser. Because IIS has the clear text password of the user, it can respond to challenges from remote computers, allowing the Web server to act on behalf of the client.
To implement Basic authentication, configure it within IIS and make sure that users have the "log on locally" privilege on the Web server. If the application needs to run as the user authenticated by Basic authentication, use the following Web.config configuration (the identity element is what makes application code execute under the authenticated user's token; without it, Windows mode only makes the user's identity available to the application):
<system.web>
  <!-- Basic authentication itself is configured in IIS; Windows mode makes ASP.NET use the token IIS produced -->
  <authentication mode="Windows" />
  <!-- Required for the application to run as (impersonate) the authenticated user -->
  <identity impersonate="true" />
</system.web>