Authentication and Authorization

ASP.NET Community

Rate me:

0.00/5 (No votes)

11 Oct 2013CPOL2 min read

8.4K

Authentication means figuring out who you are and Authorization means figuring out what you can do. Both are fundamental parts of the ASP.NET

This articles was originally at wiki.asp.net but has now been given a new home on CodeProject. Editing rights for this article has been set at Bronze or above, so please go in and edit and update this article to keep it fresh and relevant.

Authentication means figuring out who you are and Authorization means figuring out what you can do. Both are fundamental parts of the ASP.NET Security Model.

An Overview of Authentication and Authorization - This is a good place to start.
Samples and Quickstarts at GotDotNet - These are the original Quickstarts for ASP.NET, and the authentication and authorization section is particularly well written.
Nice IIS6 Diagram on Auth/Auth in ASP.NET - There's a good flowchart on this page explaining how auth/auth works in IIS 6.
Code-Free Authentication and Authorization in ASP.NET 2.0 - Video on how to add full-featured authentication and authorization in ASP.NET 2.0, including a login page, with no lines of code in less than 10 minutes.

One thing to notice in ASP.NET authentication mechanism is that ASP.NET authenticates requests for resources such as .aspx, .asmx, .ashx, .axd, .ascx and others that are mapped to the ASP.NET ISAPI DLL (aspnet_isapi.dll). ASP.NET does not authenticate requests for images (GIF, JPEG, etc), CSS or JavaScript files. If you want these resources also to be secured by ASP.NET (Forms Authentication, Windows Authentication or Passport), add them to the list of ASP.NET ISAPI mappings. This can be done from the Internet Information Services Manager (IIS Manager) by following these steps:

Open IIS Manager (Start/Run, type inetmgr and Enter)
From the left-side tree view, select the web application you want to change the mappings for
Right-click on the web application and select Properties
Swirch to Home Directory Tab and click Configuration
On the Mappings tab, click Add and enter the extension (one of .js, .css, .jpeg) and ASP.NET ISAPI DLL path for Executable. You can copy/paste the complete path to the ISAPI DLL from any other mapping, .aspx, for example.
Repeat the above step for other file extensios too, if required
Click OK thrice

Once done, requests to non-ASP.NET resources will also be subjected to ASP.NET authentication. The downside of this approach however is that it negatively impacts the performance of the web application because ASP.NET has to authenticate additional resource requests.

Be sure to visit the subpages for more information on specific kinds of authorization like Forms, Windows, Passport, Basic, and custom. This is just the start!

This article was originally posted at http://wiki.asp.net/page.aspx/43/authentication-and-authorization

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Written By

ASP.NET Community

United States

The ASP.NET Wiki was started by Scott Hanselman in February of 2008. The idea is that folks spend a lot of time trolling the blogs, ~~googling~~live-searching for answers to common "How To" questions. There's piles of fantastic community-created and MSFT-created content out there, but if it's not found by a search engine and the right combination of keywords, it's often lost.

The ASP.NET Wiki articles moved to CodeProject in October 2013 and will live on, loved, protected and updated by the community.

This is a Collaborative Group

754 members

Authentication and Authorization

License

Comments and Discussions