Description
To implement security, one have to know the following two terms.
- Authentication
- Authorization
Description
Authentication is the process of checking whether the user credentials are valid or not.
If the user credentials are valid, User will be given ticket known as "Authentication Ticket". Always Authentication Ticket is in the form of the cookie.
Description
Authorization is a process of checking whether an authentication user is right to access the restricted resource or not.
Any website can have only one authentication mechanism.
To implement authentication, one should use authentication tag in the web.config file like
[html]
<Authentication mode="Windows Passport">
</Authentication>
[/html]
Types
There are 3 types of Authentications.
- Windows Authentications
- Forms Authentications
- Passport Authentications
Conceptual
figure
- The client sends a request for a Restricted page to the IIS.
- IIS will redirect the request to the windows login.
- In windows, login user credentials are accepted and verified from the operating system's user list.
- If the user credentials are valid, the user will be given a ticket known as Windows authentication ticket.
- Along with windows authentication ticket, user request will be redirected to the requested page.
- This method is best suited only for Intranet-based applications and not suitable for web-based application.
Description
In the Passport Authentication Method, common authentication is maintained for the group of websites as shown in the below figure.
Conceptual
figure
- The client sends a request for the restricted page in the group of websites.
- IIS will redirect the request to the PASSPORT.COM internally.
- In PASSPORT.COM, user credentials are accepted and cross verified from the database.
- If the user credentials are valid, one can create an authentication ticket to the user known as Passport Authentication.
- The user request is redirected to the requested page along with the authentication ticket.