Wednesday, October 22, 2008

Form Authentication

Forms Authentication is a system in which unauthenticated requests are redirected to a Web form where users are required to provide their credentials. Once the form has been submitted and the credentials have been verified by your application, your Web application issues an authorization ticket in the form of a cookie. This authorization cookie contains the user's credentials or a key for reacquiring the user's identity (thereby making the identity persistent). In essence, Forms Authentication is a means for wrapping your Web application around your own login user interface and verification processes.

FORM AUTHENTICATION FLOW



1. A client generates a request for a protected resource (e.g. a secured page from your site).
2. IIS (Internet Information Server) receives the request. If the requesting client is authenticated by IIS, the user/client is passed on to the ASP.NET application.
3. If the client doesn't contain a valid authentication ticket/cookie, ASP.NET will redirect the user to the URL specified in the loginUrl attribute of the forms element in the authentication section of your web.config file.

How to configure web.config to use authentication



<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name=".COOKIEDEMO"
             loginUrl="login.aspx"
             protection="All"
             timeout="30"
             path="/"/>
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>

There are five attributes involved in forms authentication:
>> name
>> loginUrl
>> protection
>> timeout
>> path
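
An added example (not part of the original post): a Python check that parses a web.config like the one above and flags forms-authentication settings worth reviewing. The requireSSL check and the 60-minute timeout threshold are assumptions of this example, and the sample input is constructed from the configuration shown above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the configuration shown in the post, unchanged.
SAMPLE = """<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name=".COOKIEDEMO" loginUrl="login.aspx"
             protection="All" timeout="30" path="/"/>
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>"""

def audit_forms_auth(xml_text, max_timeout=60):
    """Return a list of findings for the forms-authentication settings."""
    web = ET.fromstring(xml_text).find("system.web")
    if web is None:
        return ["no <system.web> section"]
    findings = []
    auth = web.find("authentication")
    if auth is None or auth.get("mode", "").lower() != "forms":
        return ['authentication mode is not "Forms"']
    forms = auth.find("forms")
    attrs = forms.attrib if forms is not None else {}
    # protection="All" (the default) encrypts and validates the ticket.
    if attrs.get("protection", "All").lower() != "all":
        findings.append("protection is not All: ticket not encrypted and validated")
    # requireSSL defaults to false, so the cookie may travel over plain HTTP.
    if attrs.get("requireSSL", "false").lower() != "true":
        findings.append("requireSSL is not true: cookie may be sent over HTTP")
    # timeout is expressed in minutes (default 30); threshold is an assumption.
    if int(attrs.get("timeout", "30")) > max_timeout:
        findings.append("timeout exceeds %d minutes" % max_timeout)
    if "loginUrl" not in attrs:
        findings.append("loginUrl not set: default login.aspx is used")
    # Without <deny users="?"/> anonymous requests are never redirected.
    denies = [d.get("users", "") for d in web.findall("authorization/deny")]
    if "?" not in [u.strip() for s in denies for u in s.split(",")]:
        findings.append('no <deny users="?"/>: anonymous access allowed')
    return findings

if __name__ == "__main__":
    for finding in audit_forms_auth(SAMPLE):
        print("-", finding)
```

Run against the configuration from the post, the only finding is the missing requireSSL attribute; the other four attributes and the deny rule pass.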

Sunday, October 19, 2008

ASP.NET Forms Authentication

ASP.NET has two authentication models.
One of the key improvements granted by the ASP.NET integration in IIS 7.0 is a unified authentication model. Instead of the two-stage model in previous versions of IIS, where IIS executed its own authentication methods before ASP.NET processing began, in Integrated mode IIS and ASP.NET authentication modules participate in a single authentication process as equals. With this, it becomes very easy to write custom authentication methods using .NET (that previously required ISAPI filters and C++ code), and use these solutions in a way that integrates seamlessly into the IIS security model.