Let us discuss all the security providers in detail.
Authentication providers for ASP.NET – Authentication is the
process of identifying a user before actually deciding whether he can be given
the requested resource. ASP.Net implements authentication using the
authentication providers. There are 3 authentication providers that are shipped
with .net framework.
Windows Authentication Provider – This provider uses the class WindowsAuthenticationModule.
The event "Authenticate" in the WindowsAuthenticationModule gets the fired
application’s authenticating request.
Forms Authentication Provider – Similarl, the FormsAuthenticationModule
class is responsible for the authentication in case the forms authentication is
set. In case of successful authentication, the FormsAuthentication class takes
the lead by redirecting from the login page. It is to be noted that for both
Forms Authentication and Windows Authentication the base class for the provider
Passport Authentication Provider
Authorization providers – Once a user is successfully
authenticated and requests for a resource, the user needs to be authorized
whether he/she can be given access to the requested resource. Only then should he/she
be granted the requested resource. We have an interface known as “IAuthorizationProvider.”
This interface has a method Authorize. The entire concrete authorization
providers implement the method authorize.
ProfileProvider class in ASP.Net 2.0 – A user profile corresponds
to the user information pertaining to the application. It mostly contains when
was the last time the user logged in, when were the user details updated, etc.
ProfileInfo is the class that encapsulates all these functionalities.
ProfileProvider class has all the methods and properties that are used to
manage the Profile for a user.
In most of the cases we need to create custom profile providers
using the ProfileProvider base class. The reason is that in most of the cases
the data source that we deal may not be the one supported by .Net framework. We
need to write some extra code for it. Also, if we do not have our application
database schema exactly the same as the database schema required by the
ProfileProvider, we need to implement the ProfileProvider. SqlProfileProvider
class is used by ASP.NET to store and retrieve profile settings for an ASP.NET
application that is using a SQL Server database. This class extends and
implements the ProfileProvider class.
MembershipProvider – MembershipProvider class forms the basis for
managing the membership services for Application(s). This class provides all
the basic methods which are needed for creating, Updating, and managing users'
information. Apart from the methods related to the user, it also has methods related
for password management. We have methods in which the password encryption and
decryption are provided. MembershipProvider class is derived from the
ProviderBase class. Hence, it supports the provider model architecture.
Concrete class that implements MembershipProvider class is
SqlMembershipProvider. This class has all the methods defined for the SQL
Server. For using this provider we need to specify the type information in the
configuration file "type="System.Web.Security.SqlMembershipProvider."
When the type of the class is specified the .net runtime searches for all the
namespaces with “System.Web.Security” in all the assemblies referred and
searches for the type. Then using CreateInstance method of the Activator class
it creates an instance of the class.
RoleProvider – MembershipProvider class mainly takes care of the
services based on the user management. But RoleProvider is designed to provide
role-management services for all the ASP.NET applications. RoleProvider class
is the abstract base class for all the custom RoleProvider classes. It has
methods for creating a role, deleting a role, mapping a role to a user,
retrieving roles for a user, etc.