Authentication is a process to check the user’s identity.The authenticated user information is stored in HttpContext.User.Identity
There are three types of authentication in Asp.Net
. Forms authentication
· Windows authentication
· Passport authentication
. Custom Authentication
Forms authentication
This authentication is based on cookies where the user name and the password are stored either in a file or in the database. After a user get authenticated, the credentials are stored in a cookie to in that session. This authentication supports both session and persistent cookies.
Windows authentication
This authentication relies upon IIS.After IIS authenticates a client, it passes a security token key to ASP.NET. ASP.NET constructs and attaches an object of the WindowsPrincipal Class to the application context based on the security token it receives from IIS
Pussport authentication
Passport authentication provider is a centralized authentication service provided by Microsoft that offers a single logon and core profile services for member sites. Passport is basically a forms-based authentication service. In this mode of authentication the Passport service grants a site-specific key. The Passport logon server uses this key to encrypt and decrypt the query strings passed between the member site and the Passport logon server.
Authentication modes can be specified in the application’s web.config file as shown below:
Example1
configuration
authentication mode="[Windows/Forms/Passport/None]">
authentication>
configuration
OR
Example2
configuration
authentication mode="Forms"
forms name="UserLogin"loginUrl="UserLogin.aspx"
authorization
deny users="?"
authorization
configuration
OR
Example3
if (Verify (txtUserName.Text, txtPassword.Text))
{
FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, False);
else
lblMessage.Text = "Invalid UserName/Password specified...";
}
private Verify(string userName, string password)
{
//Usual Code to connect to the DB
// and verify the user's credentials
}
