Website Security

Understanding Security

Not every page that you create with ASP.NET is meant to be open and accessible to everyone on the internet. Sometimes you want to create pages of an application that are accessible only to a limited group of people, and for that you need security measures. Security measures help you to protect the data behind …

Authentication and Authorization

Security has two concepts: Authentication: This is the process of determining users’ identities and forcing users to prove that they are who they claim to be. It usually involves entering a username and password into some sort of login page or window. The username and password are then authenticated against the Windows user’s …

Forms Authentication

Forms-based authentication is a popular mode of authenticating users to access an entire application or specific resources within an application. Using it allows you to put the login form directly in the application so that the end user simply enters his username and password into an HTML form contained within the browser itself. …

Web.config Settings

We define the type of security in the web.config file by using the <authentication> tag. Here we configure the application to use forms authentication by using the <authentication> tag along with its various settings.

Authorization Rules

If you make changes in an application’s web.config file and request a page, you will notice that nothing unusual happens, and the web page is served in the normal way. This is because, although you have enabled forms authentication for your application, you have not restricted any users. In other words, we can say that …

Controlling Access to Specific Files

Generally, setting file access permissions by directory is the cleanest and easiest approach. However, you also have the option of restricting specific files by adding a “location” tag to your web.config file. The “location” tags sit outside the main tag and are nested directly in the base <configuration> tag.

The Login Page

After the web.config file is created and the authentication mode and authorization rules have been specified, the next step is to create a web form page (Login Page.aspx) for your application that requests information from the user and decides whether the user should be authenticated. …

Signing Out

Any web application that uses forms authentication should also feature a prominent log out button that destroys the Forms Authentication cookie.

Windows Authentication

Windows-based authentication is handled between the Windows server where the ASP.NET application resides and the client machine. In a Windows-based authentication model, the requests go directly to IIS to provide the authentication process. This type of authentication is quite useful in an intranet environment, where you can let the server deal completely with …

Creating Users

You use aspects of Windows-based authentication to allow specific users who have provided a domain login to access your application or parts of your application. Because it can use this type of authentication, ASP.NET makes working with applications that are deployed in an intranet environment quite easy. If a user has logged on to a …
