Securing Applications in ASP.NET 2.0
page 3 of 5
by Uday Denduluri
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 22418/ 69

Different Security Providers

Let us discuss all the security providers in detail.

·         Authentication providers for ASP.NET – Authentication is the process of identifying a user before actually deciding whether he can be given the requested resource. ASP.Net implements authentication using the authentication providers. There are 3 authentication providers that are shipped with .net framework.

1.    Windows Authentication Provider – This provider uses the class WindowsAuthenticationModule. The event "Authenticate" in the WindowsAuthenticationModule gets the fired application’s authenticating request.

2.    Forms Authentication Provider – Similarl, the FormsAuthenticationModule class is responsible for the authentication in case the forms authentication is set. In case of successful authentication, the FormsAuthentication class takes the lead by redirecting from the login page. It is to be noted that for both Forms Authentication and Windows Authentication the base class for the provider is IHttpModule.

3.    Passport Authentication Provider

·         Authorization providers – Once a user is successfully authenticated and requests for a resource, the user needs to be authorized whether he/she can be given access to the requested resource. Only then should he/she be granted the requested resource. We have an interface known as “IAuthorizationProvider.” This interface has a method Authorize. The entire concrete authorization providers implement the method authorize.

·         ProfileProvider class in ASP.Net 2.0 – A user profile corresponds to the user information pertaining to the application. It mostly contains when was the last time the user logged in, when were the user details updated, etc. ProfileInfo is the class that encapsulates all these functionalities. ProfileProvider class has all the methods and properties that are used to manage the Profile for a user.

·         In most of the cases we need to create custom profile providers using the ProfileProvider base class. The reason is that in most of the cases the data source that we deal may not be the one supported by .Net framework. We need to write some extra code for it. Also, if we do not have our application database schema exactly the same as the database schema required by the ProfileProvider, we need to implement the ProfileProvider. SqlProfileProvider class is used by ASP.NET to store and retrieve profile settings for an ASP.NET application that is using a SQL Server database. This class extends and implements the ProfileProvider class.

·         MembershipProvider – MembershipProvider class forms the basis for managing the membership services for Application(s). This class provides all the basic methods which are needed for creating, Updating, and managing users' information. Apart from the methods related to the user, it also has methods related for password management. We have methods in which the password encryption and decryption are provided. MembershipProvider class is derived from the ProviderBase class. Hence, it supports the provider model architecture.

·         Concrete class that implements MembershipProvider class is SqlMembershipProvider. This class has all the methods defined for the SQL Server. For using this provider we need to specify the type information in the configuration file "type="System.Web.Security.SqlMembershipProvider." When the type of the class is specified the .net runtime searches for all the namespaces with “System.Web.Security” in all the assemblies referred and searches for the type. Then using CreateInstance method of the Activator class it creates an instance of the class.

·         RoleProvider – MembershipProvider class mainly takes care of the services based on the user management. But RoleProvider is designed to provide role-management services for all the ASP.NET applications. RoleProvider class is the abstract base class for all the custom RoleProvider classes. It has methods for creating a role, deleting a role, mapping a role to a user, retrieving roles for a user, etc.

View Entire Article

User Comments

No comments posted yet.

Product Spotlight
Product Spotlight 

Community Advice: ASP | SQL | XML | Regular Expressions | Windows

©Copyright 1998-2024  |  Page Processed at 2024-05-27 9:54:51 AM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search