Authentication and Authorisation in ASP.Net


1 Authentication and Authorisation in ASP.Net
By Dharam Shadija

2 Structure of Presentation
Review Application Directory structure
Review Simple Authentication process
Authentication in ASP.Net
SQLMembershipProvider, SQLRoleProvider and SQLProfileProvider class
Built-in Security controls
Website Administration panel
Summary

3 Authorisation and Authentication
Authentication
  Authentication is the process of checking user credentials against a database or Active Directory.
Authorisation
  Whereas authorisation is the process of checking whether a user or role has access to a particular part of the web site.

4 Simple Authentication process
Diagram: Browser, IIS, Login page, Default.asp
Client enters login information
Login page authenticates user info
Puts user name in session and forwards user to secure area
If incorrect details: Access denied

5 Simple Authentication process
Advantages
  Simple to set up
Disadvantages
  Lot of code required from the developer's perspective
  High maintenance
  User details not secure as stored as plain text

6 Forms Authentication process
Diagram: Browser, IIS, Forms Authentication, Login page, Default.aspx
Client accesses secure area
Forms Authentication: Authenticated / Not Authenticated
Request forwarded to login page using settings in web.config
Puts user name in Authentication Cookie and forwards user to the page requested
If incorrect details: Access denied

7 Authentication and Authorisation in ASP.Net
Provides ways to authenticate using pre-built database or against Active Directory
Number of built-in security controls
Based on Provider model, i.e. can be extended by developers to write custom logic
Number of pre-written methods to perform repetitive functions
Pre-built SQL Server database to hold user, role and access information
Built on top of current implementation of Forms Authentication

8 Authentication and Authorisation in ASP.Net
System.Web.Security Namespace
ProviderBase
  MembershipProvider (inherits ProviderBase)
    ValidateUser()
    CreateUser()
    DeleteUser()
  RoleProvider (inherits ProviderBase)
    AddUsersToRoles()
    CreateRole()
    DeleteRole()

9 SQLMembershipProvider and SQLRoleProvider class
SQLMembershipProvider
  Used to store user information in a pre-built SQL Server database file (ASPNetDB.mdf)
  Can be configured to point to another location using web.config file
  aspnet_user table
SQLRoleProvider
  Used to store role information in a pre-built SQL Server database file (ASPNetDB.mdf)
  aspnet_role and aspnet_userInRole tables

10 SQLProfileProvider class
Enables developers to store user profile information in a pre-built SQL Server database file (ASPNetDB.mdf)
User profile configured in web.config file:
    <add name="UIPreference" type="String" serializeAs="String"/>
    <add name="Address" type="String" serializeAs="String"/>
aspnet_profile table
Key methods: GetAllProfiles(), DeleteProfiles()

11 Built-in Security controls
Login control
  VerifyUser(username, password)
PasswordRecovery control
LoginStatus control
LoginView control

12 Built-in Security controls
LoginName control
CreateUserWizard control
ChangePassword control

13 ASPNetDB.mdf

14 Configuring Forms Authentication
Use a custom login page to validate the user

    <!-- web.config file -->
    <configuration>
      <system.web>
        <authentication mode="Forms">
          <forms name=".ASPXAUTH" loginUrl="Login.aspx" />
        </authentication>
      </system.web>
    </configuration>

Authentication information goes in web.config file at root level

15 Configuring Authorisation
To deny unauthorised users accessing files in a particular folder

    <configuration>
      <system.web>
        <authorization>
          <deny users="?" /> <!-- Deny anonymous access -->
        </authorization>
      </system.web>
    </configuration>

Authorisation information goes in web.config file, could be at root level and at sub folder level
Access level is inherited

16 Configuring Authorisation
Allow particular user or role access to this folder

    <configuration>
      <system.web>
        <authorization>
          <!-- Rules are evaluated in order and the first match wins,
               so the allow entries come before the deny -->
          <allow users="Jim, Mo" />
          <allow roles="Administrator" />
          <deny users="*" />
        </authorization>
      </system.web>
    </configuration>

Deny anonymous access
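An added example (not from the original slides) that combines slides 14 to 16 in one root web.config. URL authorization rules are evaluated top to bottom and the first match wins, so the allow entries sit above the catch-all deny. The Admin folder name and the cookie settings (requireSSL, timeout, slidingExpiration) are assumptions chosen for illustration.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- protection="All" encrypts and validates the ticket;
           requireSSL="true" assumes the site is served over HTTPS -->
      <forms name=".ASPXAUTH" loginUrl="Login.aspx"
             protection="All" requireSSL="true"
             cookieless="UseCookies"
             timeout="20" slidingExpiration="false" />
    </authentication>

    <!-- allow roles="..." needs role information, here from the role manager -->
    <roleManager enabled="true" />

    <!-- Site-wide rule: anonymous users (?) are sent to Login.aspx -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Rules for the assumed Admin sub folder, declared from the root file.
       The same authorization element could live in Admin/web.config instead. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <!-- First match wins: listed users and the role are allowed ... -->
        <allow users="Jim, Mo" />
        <allow roles="Administrator" />
        <!-- ... and every other user, authenticated or not, is denied.
             Placing this line first would lock out Jim, Mo and the
             Administrator role as well. -->
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```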

17 Forms Authentication
Advantages
  Automatically encrypts user information in Authentication cookie
  Takes away the plumbing from developer
  Provides a structure to implement Authentication and authorisation in ASP.Net applications
  Built-in UI controls
  Pre-written authentication logic
Disadvantages
  Needs some work setting it up

18 Website Administration Panel
Developer-friendly tool to set up Authentication and Authorisation information
Stores information in an SQL Server database
Configures Web.config to reflect changes done using Administration panel

19 Website Administration Panel

20 Summary
Reviewed
  Forms Authentication
  Authentication in ASP.Net
  SQLMembershipProvider and SQLRoleProvider class
  Built-in Security controls
  Website Administration panel

21 References
Examining ASP.NET 2.0's Membership, Roles, and Profile
This is a multipage article, explore all the pages.

