1. AUTHENTICATION

2. Authentication Authentication identifies a user (Who are you?) Windows
Forms
Passport

3. Authentication Modes Windows
Best used in internal applications and intranets,
Must be Windows Domain user,
Cannot be persistent.
Can be cookieless.

4. Web.Config Windows Authentication
Just need to specify the mode:
<authentication mode=“Windows“ />

5. Authentication Modes Forms Familiar to commercial web sites,
Can present a nice looking login screen,
Can be any type of user,
Can be persistent (via cookies),
Can be cookieless.

6. By default, the authentication process will create a client side cookie.
Speeds up page access i.e. does not need to do a full check for each page.
Some browsers will reject cookies.
So…. Make it cookieless
<sessionState mode="InProc" stateConnectionString="tcpip= :42424" cookieless="true" timeout="20" />
Beware of the URL’s it creates i.e.

7. Web.Config Forms Authentication
Need to specify the mode and login forms location.
Can include credentials if you are going to authenticate against the Web.config.
<authentication mode="Forms">
<forms loginUrl=“loginform.aspx“ other options can go here />
<credentials passwordFormat=“SHA1, MD5 or Clear”>
<user name=“Joe” password=“joespassword” /> …
</credentials>
</authentication>

8. Authentication Modes Passport
Some commercial web sites but mainly Microsoft’s sites,
Strict guidelines for branding and use,
Licensed, and
Hosted by Microsoft.

9. Web.Config Passport Authentication
Download the Passport SDK.
Development Licence is free, production licence is NOT.
Specify the mode:
<authentication mode=“Passport“ />