Understanding Security Not every page that you create with ASP.NET is meant to be open and accessible to everyone on the internet. But, sometimes you want to create pages of an application this accessible to a …
Website Security
Authentication and Authorization
Security has two concepts: Authentication: This is the process of determining users’ identities and forcing the users to prove that they are who they claim to be. It usually involves entering a username and …
Forms Authentication
Forms-based authentication is a popular mode of authenticating users to access an entire application or specific resources within an application. Using it allows you to put the login form directly in the application …
Web.config Settings
We define the type of security in the web.config file by using the <authentication> tag. Here we configure the application to use forms authentication by using the <authentication> tag and having the different …
Authorization Rules
If you make changes in an application’s web.config file and request a page, you will notice that nothing unusual happens, and the web page is served in the normal way. This is because though …
Controlling Access to Specific Directories
A common application design is to place files that require authentication in a separate directory. With ASP.NET configuration files, this approach is easy.
Controlling Access to Specific Files
Generally, setting file access permissions by directory is the cleanest and easiest approach. However, you also have the option of restricting specific files by adding a “location” tag to your web.config …
Controlling Access for Specific Users
The “allow” and “deny” rules do not need to use the asterisk or question mark wildcards. Instead, they can specifically identify user names. For example, the users specified inside the “deny user” tag are restricted …
The Login Page
After the web.config file is created and the authentication mode and authorization rules have been specified, the next step is to create a web form page (Login Page.aspx) for your application that requests information …
Signing Out
Any web application that uses forms authentication should also feature a prominent log out button that destroys the Forms Authentication cookie.
Windows Authentication
Windows-based authentication is handled between the Windows server where the ASP.NET application resides and the client machine. In a Windows-based authentication model, the requests go directly to IIS to provide the authentication process. …
Creating Users
You use aspects of Windows-based authentication to allow specific users who have provided a domain login to access your application or parts of your application. Because it can use this type of authentication, ASP.NET makes …
Authenticating and Authorizing a User
Now create an application that allows the user to enter data in it. You work with the application’s web.config file to control which users are allowed to access the site …