Saturday, July 25, 2009

Explains Authentication Techniques

Well, since you are all familiar with what authentication is and what ASP .NET is, I will jump directly to the different ASP .NET authentication options we have.

The three main types of authentication available in ASP .NET are:
1) Windows Authentication
2) Forms Authentication
3) Passport Authentication
The authentication process can be divided into the following steps. Reading these first will give you a clearer idea and will help in understanding the rest of this article.
STEPS
1) The request is first served by the IIS server. IIS checks the IP address of the incoming request and allows or denies access according to the configured domain/IP access restrictions.
2) Next, IIS performs whatever authentication it is configured to do. By default it allows anonymous access, but you can always change this per application.
3) Once this is done, the request is passed to the ASP .NET application itself, where the user is authenticated according to the settings made in WEB.CONFIG, and resources are then allowed or denied to the user.
Now recall the three authentication techniques I listed at the start.
1) Windows Authentication: lets you authenticate users with their Windows accounts and credentials. IIS does this for you and passes the credentials to the code page if required. This is used when the application is an INTRANET application and the set of users is fixed.
2) Passport Authentication: uses Microsoft Passport services to authenticate users. This is used when you have different applications hosted on a server and want to give the user single sign-on. What I mean is that once he/she is authenticated, he/she is authorized to access the other applications that use Passport authentication without going through the authentication process again.
3) Forms Authentication: This is the most commonly used method of authentication. Simple HTML forms are used to collect user data, which is then validated against your database and custom configuration for the specific user.
Before we go ahead and look at the details of these methods, go through the diagram below. It will give you a better picture of what I described above.


Now let's start with each of the above methodologies for performing ASP .NET authentication. Let's take a look at Passport authentication and Windows authentication first.
1) Passport Authentication
This lets you integrate your application with Microsoft Passport services to authenticate users and allow access to your application's resources. Its major benefit is single sign-on: the user has to provide credentials only once to access all the applications that use Passport authentication.
It uses an encrypted cookie mechanism. To implement this in your application you have to download the Passport Software Development Kit and install it on the server where you are going to host your application. A sample implementation is shown below.
<configuration>
  <system.web>
    <authentication mode="Passport">
      <passport redirectUrl="login.aspx" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
2) Windows Authentication
As I mentioned before, when creating an Intranet application the first choice that comes to mind is Windows authentication mode. When you use Windows authentication you don't have to create a login page or maintain a username/password database. But if you want to customize the application with a mix of Windows authentication and your own custom roles, you need to maintain a table in your database where user roles are defined against the users' domain usernames.
This can be implemented as simply as writing the following lines in your web.config file.
<system.web>
  <authentication mode="Windows" />
  <authorization>
    <deny users="?" />
  </authorization>
</system.web>
The benefit of using "deny users=?" is that anonymous (unauthenticated) requests are refused, so the application is only reachable by authenticated users and the username is always available to your code on the server. I remember creating an application for one of my projects where I had to implement mixed-mode authentication along with Windows authentication. I had to create different roles according to the organization's requirements and then allow/deny resources to the users according to their domain login names. If you have any questions regarding this kind of mixed-mode authentication please send me an email and I would be more than happy to help you with your custom requirements.
I will try to cover this briefly. Simply create a table where the actual (domain) user names are stored. Let's say your login name is "k.smith" in your company domain; store this in your database and store the user's role against this username. User roles can be complex and possibly a combination of 2-3 tables.
Once you have stored this in your database you can check, at page load time, which user the request is coming from. That can be achieved with the code below.
// The principal that IIS authenticated for the current request
System.Security.Principal.IPrincipal User;
User = System.Web.HttpContext.Current.User;
// With Windows authentication this is "DOMAIN\username", so either store the
// domain-qualified name in your table or strip the domain before the lookup
string username = User.Identity.Name;
Now that you have the username you can check the role associated with it and show/hide menu items accordingly. That's it for now. I will explain more about Forms authentication in the second part of this article.
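As an added example (not from the original post), here is a self-contained C# console program that does the role lookup described above. The in-memory dictionary is a constructed stand-in for the roles table, and a GenericIdentity stands in for the identity that IIS would have placed in HttpContext.Current.User. It strips the "DOMAIN\" prefix that Windows authentication adds, looks up the roles, and wraps the identity in a GenericPrincipal so page code can call User.IsInRole instead of re-querying the table; a user not found in the table gets no roles, so no protected menu item is shown to them by default.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Stand-in for the roles table from the post: domain login name -> roles.
// Constructed sample data, not a real directory or database.
static class RoleStore
{
    private static readonly Dictionary<string, string[]> Roles =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "k.smith", new[] { "Admin", "Reports" } },
            { "j.doe",   new[] { "Reports" } },
        };

    // Windows authentication hands us "DOMAIN\user"; the table stores only "user".
    public static string NormalizeUserName(string identityName)
    {
        if (string.IsNullOrEmpty(identityName)) return string.Empty;
        int slash = identityName.LastIndexOf('\\');
        return slash >= 0 ? identityName.Substring(slash + 1) : identityName;
    }

    // Returns the roles for a user, or an empty array for anyone not in the table
    // (unknown users are denied everything rather than granted a default role).
    public static string[] RolesFor(string identityName)
    {
        string[] roles;
        return Roles.TryGetValue(NormalizeUserName(identityName), out roles)
            ? roles
            : new string[0];
    }

    // Wraps the authenticated identity in a principal that carries its roles,
    // so page code can use User.IsInRole(...) when deciding what to show.
    public static IPrincipal BuildPrincipal(IIdentity identity)
    {
        return new GenericPrincipal(identity, RolesFor(identity.Name));
    }
}

class Program
{
    static void Main()
    {
        // In a real page this would be System.Web.HttpContext.Current.User; here a
        // GenericIdentity stands in for the identity IIS authenticated (hypothetical domain CORP).
        IIdentity winId = new GenericIdentity(@"CORP\k.smith", "NTLM");
        IPrincipal user = RoleStore.BuildPrincipal(winId);

        Console.WriteLine("User: " + user.Identity.Name);
        Console.WriteLine("Show admin menu:   " + user.IsInRole("Admin"));
        Console.WriteLine("Show reports menu: " + user.IsInRole("Reports"));

        // A domain account that has no row in the roles table sees nothing protected.
        IPrincipal stranger = RoleStore.BuildPrincipal(new GenericIdentity(@"CORP\unknown", "NTLM"));
        Console.WriteLine("Unknown user sees admin menu: " + stranger.IsInRole("Admin"));
    }
}
```

In a real application the same BuildPrincipal step is usually done once per request (for example in Application_AuthenticateRequest in Global.asax) and the resulting principal assigned back to HttpContext.Current.User, so every page gets role information without touching the database again.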
