Windows Authentication - ASP.Net Security,Internationalisation and Deployment

Home > Aspnet > Tutorials > Windows Authentication - ASP.Net Security,Internationalisation and Deployment

Tell a friend

Link to us

Total Members

Members: 84648

Sitemap

Forum

Chat

Home

ASP.Net Security,Internationalisation And Deployment Tutorial Home

1 . Introduction

2 . Relationship Between IIS and ASP.NET

3 . Authentication in ASP.Net

4 . Form Based Authentication

5 . Form Authentication Flow

6 . Passport Authentication

7 . Windows Authentication

8 . Configuring Windows Authentication

9 . Anonymous Authentication

10 . Basic Authentication

11 . Digest Authentication

12 . Integrated Windows Authentication

13 . Certificate Authentication

14 . Authorization

15 . Authentication Vs Authorization

16 . Impersonation

17 . Code Access security

18 . Internationalization

19 . Deployment

20 . Installing the Application

Aspnet Group Home

Aspnet Discussion (10)

Aspnet Members (2379)

Aspnet Resources

Aspnet Source Code (388)

Aspnet Articles (1)

Aspnet Blogs

Aspnet Jobs

Aspnet Components (201)

- Aspnet Ask Question

- Aspnet Questions

- Aspnet Unanswered Questions

GROUPS

.NET

Java

Other

TUTORIALS

.NET

.NET Tutorial

ASP Tutorial

ASP.NET Database Tutorial

ASP.NET Development Tips

ASP.Net Security,Internationalisation And Deployment

ASP.NET Server Controls Tips

Web Development

Software Development

Java

Java Web Component Tutorial

JSP And J2EE Design Tutorial

JSP Tutorial

Service-Oriented Architecture (SOA) Using Java Web Services Tutorial

RESOURCES

SUBMISSIONS

COMMUNITY

SITE

Aspnet security Tutorial

Windows Authentication

<< Prev: Passport Authentication

Next: Configuring Windows Authentication >>

This provider utilizes the authentication capabilities of IIS. After IIS completes its authentication, ASP.NET uses the authenticated identity's token to authorize access. This type of authentication is possibly the easiest of all to implement. Windows authentication can be used in conjunction with almost all authentication methods provided by IIS, except Anonymous Authentication. There is no need to write any code to validate the user as IIS has already authenticated their Windows credentials. Basically, Windows authentication makes use of the authentication capabilities of IIS. IIS will complete its authentication first then ASP.NET will use the authenticated identity's token to decide whether the access is granted or denied.

This mechanism is usually implemented when the users are part of Windows domain and the authenticated users are to be impersonated so that the code is executed in the same security context of the user's Windows account.

When a user requests specific resources, this request will go to IIS. IIS authenticates the user and attaches the security token to it. It will then pass the authenticated request and security token to ASP.NET. If impersonation is enabled, ASP.NET impersonates the user using the security token attached and sees whether the user is authorized to access the resources in the <authorization> section in Web.config file. If the access is granted, ASP.NET will send the requested resources through IIS, or else, it sends error message to the user.

There are four different kinds of Windows authentication options available that can be configured in IIS:

• Anonymous Authentication:
IIS doesn't perform any authentication check. IIS allows any user to access the ASP .NET application.

• Basic Authentication:
For this kind of authentication, a Windows user name and password has to be provided to connect.

• Digest Authentication:
It is same as Basic Authentication but for the fact that the password is hashed before it is sent across the network. However, to be using Digest Authentication, we must use IE 5.0 or above.

• Integrated Windows Authentication:
In this kind of authentication technique, passwords are not sent across the network. The application here uses either the Kerberos or challenge/response protocols to authenticate users.