Authentication
Authorization
Confidentiality
Integrity
1. Authentication
a. In Web.config
4. Wildcards
a. *: implies all users
b. ?: represents all anonymous users
• Use the IPrincipal interface of the User object attached to the current HTTP request. This approach works with ASP.NET versions 1.0, 1.1, and 2.0. When using Windows authentication, make sure to use the domainName\userName format for the user name and the domainName\groupName format for the group name.
• Alternatively, use role manager APIs introduced in ASP.NET version 2.0, which supports
Form based
Web.config
<authentication mode="Forms">
  <forms name="secure" loginUrl="Login.aspx" path="/"/>
</authentication>
<authorization>
  <deny users="?"/>
</authorization>
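protected void Button1_Click(object sender, EventArgs e)
{
    // Demo check against credentials hard-coded in the page
    if (TextBox1.Text == "deepa" && TextBox2.Text == "deepa")
        // Issue the forms ticket (true = persistent cookie) and return to the requested page
        FormsAuthentication.RedirectFromLoginPage(TextBox1.Text, true);
    else
        Response.Write("Unauthorized");
}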
Authentication against values contained in web.config
<authentication mode="Forms">
  <forms name="secure" loginUrl="Login.aspx" path="/">
    <credentials passwordFormat="Clear">
      <user name="deepa" password="deepa"/>
    </credentials>
  </forms>
</authentication>
<authorization>
  <deny users="?"/>
</authorization>
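The login handler that goes with the web.config credentials above, plus a role check through the IPrincipal on the request, as an added example that is not part of the original document. Label1, the Reports page and the non-persistent cookie are assumptions made for illustration; FormsAuthentication.Authenticate is marked obsolete from .NET Framework 4.5 in favour of the Membership APIs.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;

// Code-behind for Login.aspx (the loginUrl in the <forms> element).
// TextBox1/TextBox2 are the user-name and password boxes used in the
// handler above; Label1 is an assumed <asp:Label> for the failure message.
public partial class Login : Page
{
    protected void Button1_Click(object sender, EventArgs e)
    {
        string userName = TextBox1.Text.Trim();
        string password = TextBox2.Text;

        // Compares against the <user> entries under <credentials>, using the
        // configured passwordFormat (Clear, MD5 or SHA1), so no credential
        // is hard-coded in the page itself.
        if (FormsAuthentication.Authenticate(userName, password))
        {
            // false = session cookie only; the ticket is not persisted to disk
            FormsAuthentication.RedirectFromLoginPage(userName, false);
        }
        else
        {
            // Same message whether the user name or the password was wrong
            Label1.Text = "Invalid user name or password.";
        }
    }
}

// Code-behind for a protected page (hypothetical name: Reports.aspx).
// <deny users="?"/> has already rejected anonymous requests by this point.
public partial class Reports : Page
{
    // Windows authentication format from the text: domainName\groupName.
    // Under Forms authentication, roles are only populated when a role
    // provider (role manager) is configured.
    private const string RequiredRole = @"domainName\groupName";

    protected void Page_Load(object sender, EventArgs e)
    {
        // User is the IPrincipal attached to the current HTTP request
        if (!User.IsInRole(RequiredRole))
        {
            Response.StatusCode = 403;   // authenticated but not authorized
            Response.End();
        }
    }
}
```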