Google
AspAlliance.com Web
AspAlliance
Register
Edit My Profile
Author List
Write for Us
About AspAlliance
Contact Us
Privacy Policy
Link To Us
Advertise

Subscribe
Free Newsletter
Newsletter Archive
RSS Syndication

.NET Tutorials
Learn .NET
Learn WCF
Learn WPF
Learn ASP.NET
Learn AJAX
Learn Silverlight
Learn Visual Studio
Learn ADO.NET
Learn LINQ
Learn C# (CSharp)
Learn VB.NET
Learn Web Services
Learn Controls
Learn BizTalk
Learn SharePoint
Learn Mobile
Learn SQL
Learn SQL Reporting
Learn Windows Forms
Learn XML
Learn Crystal Reports
Learn FarPoint
Learn DevExpress
Examples
ASP.NET 2.0 Examples

ASP Tutorials
Learn ASP
Learn VBScript
Learn JScript
Learn SQL
Learn XML

Software Resources
Shopping Cart Ecommerce
Charts and Dashboards

Other Resources
Learn Java
Learn Oracle
Opinion / Editorial
Crystal Reports Alliance
WPF Resources
AJAX Resources
Silverlight Resources

Free Tools
Cache Manager
SimpleCMS

Reviews
Book Reviews
Product Reviews
Expert Advice

Books
ASP.NET Developer's Cookbook
Sample Chapters
Book Reviews

Community
Regular Expressions

Print This Article Print  Add To Favorites Add To Favorites    Email This Article To A Friend Email To Friend  Rate This Article Rate This Article   
Security in ASP.NET
page 3 of 4
by . .
Feedback
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 21226/ 38
The Logon Process

So far you've only seen what happens when a user tried to access a page, but how does the logon process actually work?

Windows Based

Windows based security is the simplest because most of it is based on Window's response (all done on the same server or domain).

Forms based Security

This is a bit more complicated and there are two ways of doing it -

1) Without credentials in web.config

This is also simple but FormsAuthenticate (the object that handles form based security) does nothing but wait for information regarding what to do.

2) With credentials in web.config

You can clearly see that this does not rely on the developer to perform the authentication, the developer just sends the information to FormsAuthenticate and it handle's the rest (apart from when it comes back to the page, then they have to redirect or something).

Passport

Passport authentication is massively different to both of the above methods because it does a lot of switching between servers. There are two different ways the user can be authenticated -

1) Without Windows XP

Again, it relies on passport's response. Also, the cookies allow the user to any part of the passport network and the cookies assign information such as timeout, u/p and timestamps all generated by the defaults at passport.com

2) With Windows XP (running IE6)

The details for this way are sent through something called "passport authentication" that works differently to normal detail submission. There is however no details on the specifics of how it works and it seems to have an inconsistent authentication behavior. The cookies are also a bit different.

View Entire Article

User Comments

No comments posted yet.

Product Spotlight
Product Spotlight 





Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2024 ASPAlliance.com  |  Page Processed at 2024-04-24 4:10:19 AM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search