Difference between Authentication and Authorization

Authentication

What is ASP.Net Authentication

Authentication is the process of verifying the identity of a user by obtaining some sort of credentials and using those credentials to verify the user's identity. If the credentials are valid, the authorization process starts. Authentication process always proceeds to Authorization process.

ASP.Net Authentication

The ASP.NET authentication scheme that is used to identify users who view an ASP.NET application. An ASP.net application has two separate authentication levels because all requests coming through IIS before it handled by ASP.NET. After IIS authentication schemes ASP.NET implements additional authentication schemes. They are :

  1. Windows Authentication
  2. Forms Authentication
  3. Passport Authentication

The mode attribute specifies the authentication scheme.

<authentication mode="[Windows|Forms|Passport|None]" >

None Authentication

You can specify "None" as the authentication provider when requests are not authenticated at all or if you plan to develop custom authentication code.

When you need "None" authentication, use the following Web.config configuration:

<system.web> <authentication mode="None" /> </system.web>

Authorization

What is ASP.Net Authorization

Authorization is the process of allowing an authenticated users to access the resources by checking whether the user has access rights to the system. Authorization helps you to control access rights by granting or denying specific permissions to an authenticated user.

Asp.Net Authorization

ASP.NET allows two ways to authorize access to a given resources, they are URL authorization and File authorization

URL authorization

URL authorization maps users and roles to URLs in ASP.NET applications

File authorization

File authorization validate the ACL (access control list) of the .aspx or .asmx handler file to determine whether a user should have access to the file.

How to implement Authorization ?

The following example shows a sample implementation of Authorization logic in web.config file.

<authorization> <allow roles="Administrators" /> <deny users="*" /> </authorization>





Related Topics
  1. Asp.Net Interview Questions (Part-1)
  2. Asp.Net Interview Questions (Part-2)
  3. Advantages of ASP.NET Web Development
  4. What is IIS - Internet Information Server
  5. What is Virtual Directory
  6. What is HttpHandler
  7. Page Directives in Asp.Net
  8. What is a postback
  9. What is IsPostBack
  10. What is global.asax
  11. Difference between Machine.config and web.config
  12. Difference between HTML control and Web Server control
  13. What is Query String
  14. How to secure Connection Strings
  15. What is ASP.Net tracing
  16. Passing values between Asp.Net pages
  17. Differentiate between client side validation and server side validation
  18. How to Get host domain from URL
  19. Adding a Favicon To Your Website
  20. Asp.Net Textbox value in Javascript
  21. AutoEventWireup attribute in ASP.NET
  22. Can I use multiple programming languages in a ASP.net Web Application?
  23. Difference: Response.Write and Response.Output.Write
  24. How many web.config files can I have in an application?
  25. What is Protected Configuration in asp.net?
  26. Static variables, what is their life span?
  27. Difference between ASP Session and ASP.NET Session?
  28. What does mean Stateless?
  29. What is the Difference between session and caching?
  30. What are different types of caching using cache object of ASP.NET?
  31. Which method is used to remove the cache object?
  32. How many types of Cookies are available in ASP.NET?
  33. What is Page Life Cycle in ASP.net?
  34. What is the code behind and Inline Code in Asp.Net?
  35. What is master page in ASP.NET?
  36. Can you change a Master Page dynamically at runtime?
  37. What is cross-page posting in ASP.NET?
  38. How to redirect a page in asp.net without performing a round trip ?
  39. How to register custom server control on ASP.NET page?
  40. How do you validate Input data in Asp.Net?
  41. What's the difference between ViewData and ViewBag?
  42. Difference between Response.Redirect and Server.Transfer
  43. What is the function of the CustomValidator control?
  44. Define RequiredFieldValidator?
  45. Difference between custom control and user control
  46. Difference between Label and Literal control in ASP.Net
  47. What are the major events in Global.Asax file?
  48. What is Event Bubbling in asp.net ?
  49. What is Delay signing?
  50. What is the difference between in-proc and out-of-proc?
  51. What is the difference between POST and GET?
  52. A potentially dangerous Request.Form value was detected from the client