.NET/ASP.NET Interview Question - How to implement Authentication and Authorization?

 Posted by ArticlesMaint on 4/8/2011 | Category: ASP.NET Interview questions | Views: 4936


In ASP.NET there are three way to do Authentication and Authorization.


Windows Authentication:
                             In this methadology ASP.NET web pages will use local windows users and groups to authenticate and authorize resources.

<authentication mode="Windows"> 
  <forms name="
AuthenticationDemo" loginUrl="logon.aspx" protection="All" path="/" timeout="30"
/>
</authentication>

Deny access to the anonymous user in the Aauthorization section as follows:

<authorization>
     <deny users ="?" />

</authorization>


Forms Authentication:
                             This is a cookie based authentication where user name and password stored on client machine as cookie files or they are sent to URL for every request.Form-based authentication presents the users with an HTML-based web page that prompts the user for credentials.In case browser doesnot support cookies then username and password passed via URL string for every request.

<authentication mode="Forms">
<forms name=" AuthenticationDemo"
loginUrl="logon.aspx" protection="All" path="/" timeout="30" />

</authentication>
<credential
passwordFormat=”SHA1”>
<username="admin"
password="admin">
</credential>


Deny access to the anonymous user in the Aauthorization section as follows:

<authorization>
    <deny users ="?"
/>
</authorization>


Passport Authentication:
                                Passport authentication is based on passport website provided by the microsoft.So when user logins with credentials it will be reached to the passport website(i.e. hotmail,devhood,windows live etc)where authentication will happen.If authentication is successful it will return a token to your website.

<authentication mode= "Passport"/>


Regards,




Asked In: Many Interviews | Alert Moderator 

Comments or Responses

Login to post response