Explain the term authentication with respect to ASP.Net securrity.
- Authentication is the process of obtaining identification credentials such as name and password from a user and validating those credentials against same authority.
- If the credentials are valid, the entity that submitted the credentials is considered an authenticated identity.
There are three ways of doing authentication and authorization in ASP.NET:
- Windows authentication: In this methodology ASP.NET web pages will use local windows users and groups to authenticate and authorize resources.
- Forms Authentication: This is a cookie-based authentication where username and password are stored on client machines as cookie files or they are sent through URL for every request. Form-based authentication presents the user with an HTML-based Web page that prompts the user for credentials.
- Passport Authentication: Passport authentication is based on the passport website provided by the Microsoft. So when user logins with credentials it will be reached to the passport website (i.e. hotmail, devhood, windows live etc) where authentication will happen. If Authentication is successful it will return token to your website.
- Anonymous access: If you do not want any kind of authentication then you will for Anonymous access.
To enable a specified authentication provider for an ASP.NET application, you must create an entry in the application's configuration file as follows:
// web.config file
<authentication mode = "[Windows/Forms/Passport/None]">
</authentication>