Saturday, April 9, 2011

.NET/ASP.NET Interview Question - How to implement Authentication and Authorization?

Answer:
In ASP.NET there are three ways to do authentication and authorization.
Windows Authentication:

In this methodology, ASP.NET web pages use local Windows users and groups to authenticate and authorize access to resources.

<authentication mode="Windows" />

Deny access to the anonymous user in the Authorization section as follows:

<authorization>
   <deny users ="?" />
</authorization>

Forms Authentication:
This is cookie-based authentication in which the user name and password are stored on the client machine as cookie files, or are sent in the URL with every request. Forms-based authentication presents the user with an HTML-based web page that prompts for credentials. If the browser doesn't support cookies, the user name and password are passed via the URL string with every request.

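<authentication mode="Forms">
  <forms name="AuthenticationDemo" loginUrl="logon.aspx" protection="All" path="/" timeout="30">
    <credentials passwordFormat="SHA1">
      <!-- With passwordFormat="SHA1", password holds the SHA1 hex digest (here, of "admin") -->
      <user name="admin" password="D033E22AE348AEB5660FC2140AEC35850C4DA997" />
    </credentials>
  </forms>
</authentication>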

Deny access to the anonymous user in the Authorization section as follows:

<authorization>
  <deny users ="?" />
</authorization>
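
An added example, not code from the original post: a small Python check that reads the `<authentication>` and `<authorization>` sections described above and reports settings that leave a Forms-protected site open. The sample web.config, the function names and the finding texts are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample web.config (not from a real site): weak protection value,
# a non-digest password under passwordFormat="SHA1", and anonymous users allowed.
SAMPLE = """<configuration><system.web>
  <authentication mode="Forms">
    <forms name="AuthenticationDemo" loginUrl="logon.aspx" protection="Validation" path="/" timeout="30">
      <credentials passwordFormat="SHA1">
        <user name="admin" password="admin" />
      </credentials>
    </forms>
  </authentication>
  <authorization><allow users="*" /></authorization>
</system.web></configuration>"""

DIGEST_HEX_LEN = {"SHA1": 40, "MD5": 32}  # passwordFormat="Clear" has no digest

def anonymous_denied(authz):
    """Rules are evaluated top-down; the first rule matching '?' or '*' decides."""
    for rule in (authz if authz is not None else []):
        users = [u.strip() for u in rule.get("users", "").split(",")]
        if "?" in users or "*" in users:
            return rule.tag == "deny"
    return False  # no matching rule: anonymous requests are allowed

def audit(config_xml):
    """Return findings for the <authentication>/<authorization> sections."""
    root = ET.fromstring(config_xml)
    findings = []
    if not anonymous_denied(root.find(".//authorization")):
        findings.append("anonymous users are not denied")
    auth = root.find(".//authentication")
    forms = auth.find("forms") if auth is not None else None
    if forms is None or auth.get("mode", "Windows") != "Forms":
        return findings
    if forms.get("protection", "All") != "All":
        findings.append("forms protection is not All")
    if forms.get("cookieless") == "UseUri":
        findings.append("cookieless=UseUri carries authentication data in the URL")
    for creds in forms.findall("credentials"):
        fmt = creds.get("passwordFormat", "SHA1")
        n = DIGEST_HEX_LEN.get(fmt)
        for user in creds.findall("user"):
            ok = n and re.fullmatch("[0-9A-Fa-f]{%d}" % n, user.get("password", ""))
            if not ok:
                findings.append("user %s: password is not a hex digest (passwordFormat=%s)" % (user.get("name"), fmt))
    return findings
```

Calling `audit(SAMPLE)` returns three findings; a configuration with `<deny users="?" />`, `protection="All"` and a 40-character SHA1 digest in the `password` attribute returns an empty list.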

Passport Authentication:
Passport authentication is based on the Passport website provided by Microsoft. When a user logs in with credentials, the request is sent to the Passport website (i.e. Hotmail, Devhood, Windows Live, etc.), where authentication happens. If authentication is successful, it returns a token to your website.

<authentication mode="Passport" />
