(Page 1 of 4 )
Authentication and Authorization are two interrelated concepts which form the core of security for .NET applications. The authentication and authorization processes in ASP.NET are flexible, simple, and can be implemented in code. ASP.NET is not a standalone product; it is linked with IIS and is, in fact, a layer on top of IIS. So any request that comes into the ASP.NET process has already been authenticated and authorized by IIS first. In short, the ASP.NET process is completely unaware of any user that IIS has already denied access to a page. Several security authorities interact when a user requests an ASP.NET page, and you need to understand how these processes work in order to fully understand the ASP.NET security model.
| Authentication | Authorization |
|---|---|
| Authentication is a process in which the user's credentials are used to verify the user's identity. In short, this is the process of determining the identity of the requesting entity. | Authorization is a process in which the authenticated user is allowed (authorized) access to resources. |

In short, whenever a user logs on to an application, the authentication process is carried out first, followed by the authorization of the user. Certain applications do not have any restriction/validation on the logged-in user. Even such applications authenticate the user, as anonymous.
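As an added example (not from the original article), the distinction above is exactly what an ASP.NET web.config expresses: the `<authentication>` element configures how the caller's identity is established, and `<authorization>` configures what an identified caller may reach. The Login.aspx page, the Admin folder and the Admins role are placeholder names.

```xml
<?xml version="1.0"?>
<!-- Added example: a hypothetical web.config, not from the original article.
     Login.aspx, Admin and Admins are placeholder names. -->
<configuration>
  <system.web>
    <!-- Authentication: how ASP.NET establishes WHO the caller is.
         Forms authentication issues a ticket after the user logs in at loginUrl;
         a request without a valid ticket is treated as anonymous.
         IIS must allow anonymous access so the request reaches ASP.NET at all,
         which is the "IIS first, then ASP.NET" layering described above. -->
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" timeout="30" />
    </authentication>

    <!-- Authorization: WHAT an identified caller may reach.
         "?" means anonymous users, "*" means all users. Rules are evaluated
         top to bottom and the first match wins, so order matters. -->
    <authorization>
      <!-- Site-wide: everyone, anonymous included, may see public pages. -->
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- Tighten authorization for one folder only: members of the Admins role
       pass; everyone else, anonymous or authenticated, is denied. A denied
       anonymous caller is redirected to loginUrl by forms authentication. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Admins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Note that swapping the two rules inside the Admin block would deny everyone, because `<deny users="*" />` would be the first match even for Admins.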
ASP.NET and IIS
Below is the sequence of events involved in the authentication process (jointly done by IIS and ASP.NET):

1. The incoming request is first checked by IIS. If the IP address from which the request originates is not allowed access to the domain, IIS denies