How to use Web
Security in Asp.net
Authentication:
Authentication is any process by which
a system verifies the identity of a User who wishes to access it. Since Access Control is normally based on
the identity of the User who requests access to a
resource, it is essential to effective Security.
It may be implemented
using Credentials, each of which is composed of
a User ID and Password. Alternately, Authentication may be implemented with Smart Cards,
Means: identified user valid or not
Authorization:
Authorization is the process of giving someone permission to
do or have something. In multi-user computer systems, a system administrator
defines for the system which users are allowed access to the system
and what privileges of use (such as access to which file directories, hours of
access, amount of allocated storage space, and so forth). Assuming that someone
has logged in to a computer.
operating
system or application
the system or application
may want to identify what resources the user can be
given during and session thus authorization is sometimes seen as
both the preliminary setting up of permission by a system administrator and
actual checking of the permission values that have been set up
when a user is getting access
Means: this resources which
are permission or not
Types of Security in Asp.net:
Types of Security in Asp.net:
· Windows based
Security (user based)
· From based Security (Internet based)
· Passport based Security
• Windows authentication: -
Process ................................................
There are three ways of
doing authentication and authorization in ASP.NET:-
• Windows authentication: -
In
this methodology ASP.NET web pages will use local windows users and groups to
authenticate and authorize resources.
• Forms Authentication: -
• Forms Authentication: -
This is a cookie based authentication
where username and password are stored on client machines as cookie files or
they are sent through URL for every request. Form-based authentication presents
the user with an HTML-based Web page that prompts the user for credentials.
• Passport authentication :-
• Passport authentication :-
Passport authentication is based on the passport website
provided
by the Microsoft .So when user logins with credentials it will be reached to the passport website ( i.e. hotmail,devhood,windows live etc) where authentication will happen. If Authentication is successful it will return a token to your website.
• Anonymous access: -
by the Microsoft .So when user logins with credentials it will be reached to the passport website ( i.e. hotmail,devhood,windows live etc) where authentication will happen. If Authentication is successful it will return a token to your website.
• Anonymous access: -
If you
do not want any kind of authentication then you will go for Anonymous access.
Generic Principal and Generic Identity objects represent users who have been authenticated using Forms authentication or other custom authentication mechanisms. With these objects, the role list is obtained in a custom manner, typically from a database.
Forms Identity and Passport Identity objects represent users who have been authenticated with Forms and Passport authentication respectively.
Generic Principal and Generic Identity objects represent users who have been authenticated using Forms authentication or other custom authentication mechanisms. With these objects, the role list is obtained in a custom manner, typically from a database.
Forms Identity and Passport Identity objects represent users who have been authenticated with Forms and Passport authentication respectively.
Process ................................................
Coding for Login.aspx.cs ………………………………………
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
//using this name space
for web security
using System.Web.Security;
public partial class Login :
System.Web.UI.Page
{
protected void Page_Load(object
sender, EventArgs e)
{
}
protected void BLogin_Click(object
sender, EventArgs e)
{
if
(txtusername.Text == "KushKumarTiwari"
&& txtpassword.Text == "1234")
{
//FormsAuthentication.RedirectFromLoginPage(txtusername.Text,
false);
FormsAuthentication.RedirectFromLoginPage("a", false);
Response.Redirect("WelComeUser.aspx");
}
}
}
Coding for web.config ………………………………………
<?xml version="1.0"?>
<!--
For more information on
how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx" defaultUrl="WelComeUser.aspx">
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
<compilation debug="true" targetFramework="4.0"/>
</system.web>
<!--this code for which part of website you want to free on
your websits-->
<location path="img">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>
Coding for Logout Button………………………………………
protected void
BLogout_Click(object sender, EventArgs e)
{
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
}
Thanks for your informative articel .its very useful
ReplyDeletebest dot net training in chennai | dot net training in chennai | dot net training institutes in chennai
The blog gave me idea to implement web security in asp.net The explanations were really useful and helpful my sincere thanks for sharing this post
ReplyDeleteDot Net Training in Chennai
really you have posted an informative blog. thank you for sharing such kind of an interesting blogs. so keep on sharing such kind of useful blogs.
ReplyDeletedotnet training in chennai
It is really a great work and the way in which u r sharing the knowledge is excellent. Thanks for helping me to understand basic concepts. Hadoop Training in Chennai
ReplyDeleteVery Interest information.Keep sharing
ReplyDeleteAbinitio Online Training | Hadoop Online Training | Cognos Online Training