Website Security

Authentication and Authorization

Authentication and Authorization Security has two concepts: Authentication: This is the process of determining user’s identities and forcing the users to prove that what they are who they claim to be. It Usually involves entering a username and password into some sort of Login page or window. These username and password are then authenticated against the window user’s …

Authentication and Authorization Read More »

Controlling Access to Specific Files

Controlling Access to Specific Files Generally, setting file access permissions by directory is the cleanest and easiest approach. However, you also have the option of restricting specific files by adding “location” tag to your web.config file. The “location” tag sit outside the main tag and are nested directly in the base <configuration> tag.

The Login Page

The Login Page After the web.config file is created, authentication mode and authorization rules have been specified. The next step is to create a web form page (Login Page.aspx) for your application that requests information from the user and decides whether the user should be authenticated.After the web.config file is created, authentication mode and authorization …

The Login Page Read More »

Windows Authentication

Windows Authentication Windows-based authentication is handled between the Windows server where the ASP.NET application resides and the client machine. In a Windows-based authentication model, the requests go directly to IIS to provide the authentication process. This type of authentication is quite useful in an intranet environment, where you can let the server deal completely with …

Windows Authentication Read More »