Security models in ASP.NET. Authentication.
Author: Sergei Baklanov aspnetman@aspnetmania.com

Windows Authentication
Forms Authentication
Forms Authentication using XML file
Forms Authentication using web.config file
Forms Authentication using database
Forms Authentication with Web services
Passport Authentication

Information is of great value in the modern world, often leakage of its tiny bit can turn into a great loss. To avoid such incidents, you need to be able to protect it. In order to do it, in IT world numerous methods were created, starting from simple encryption using Caesar cipher (alphabet is used shifting 3 letters) and ending up with access cards and bioscanning devices. Each method is aimed at its own purpose, that is why you need to understand clearly, what you want to do, what is your goal. Obviously, the safest method is implementation of personal identification devices. Such as retinal or fingerprint scanners, card readers and other sophisticated methods. But mentioned above devices are very expensive and their support also turns out to be not so cheap and available pleasure; in most cases, only big companies which have sufficient budget and evident necessity, when their staff consists of hundreds or thousands of employees, can afford such technologies. These means allow not only to prevent unauthorized access to the system, but also provide total control over personnel movement either in real physical or in virtual world, i.e. in the company's nets

Together with such expensive and high-tech security systems, there are security technologies of lower rank, nevertheless able to provide security at their level - program level. Let's get acquainted closer with them, or to be more exact, with the methods which are the most widespread in ASP.NET and .NET Framework. We will pay most of attention to such security aspects in ASP.NET as authentication, authorization, and encryption.

First of all, we need to demarcate clearly authentication and authorization. Authentication - is an input of username or user's e-mail and some secret information which was available for user only - in most cases it is a password. Authentication's illustrative example is Windows start-up. Authorization - is checking access rights to a certain resource or privilege to execute certain operations, for example, in Windows authorization takes place every time when you are trying to change system settings, add or remove users, and if you don't have appropriate rights to execute such operations, OS will return you error message.

Now let's turn to authentication process description directly in ASP.NET environment, where at your disposal there are 3 types of authentication:
- Windows authentication
- Forms authentication
- Passport authentication

Back to top