IIS authentication and authorization

Authentication: proving who the user is (genuineness).
Authorization: the process of granting permission to access resources.
web.config: Windows authentication, denying the anonymous (unknown) user.
<authentication mode="Windows"/>
<authorization>
  <deny users="?"/>
</authorization>


Role-based rule for the ‘Admin.aspx’ page:
<location path="Admin.aspx">
  <system.web>
    <authorization>
      <allow roles="questpon-srize2\Administrator"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
---------------------
<authentication mode="Forms">
  <forms loginUrl="Login.aspx" timeout="30" defaultUrl="Home.aspx" cookieless="AutoDetect">
    <credentials passwordFormat="Clear">
      <user name="Shiv" password="pass@123"/>
      <user name="Raju" password="pass@123"/>
    </credentials>
  </forms>
</authentication>
<authorization>
  <deny users="?"/>
</authorization>
<location path="Admin.aspx">
  <system.web>
    <authorization>
      <allow users="Shiv"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
<location path="User.aspx">
  <system.web>
    <authorization>
      <allow users="Shiv"/>
      <allow users="Raju"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</location>
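As an added illustration (not code from these notes or from ASP.NET itself), the following Python model shows how ASP.NET URL authorization evaluates the rules above: rules are checked top to bottom, the first match wins, and the <location> rules for a page are checked before the application-level ones, which is why the order of <allow> and <deny> matters. The Rule, Principal and is_authorized names are hypothetical.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Hypothetical model of ASP.NET URL authorization written for this page, not ASP.NET code.
# "*" matches every caller, "?" only the anonymous caller; names compare case-insensitively.

@dataclass
class Rule:
    action: str                      # "allow" or "deny"
    users: Tuple[str, ...] = ()
    roles: Tuple[str, ...] = ()

@dataclass
class Principal:
    name: Optional[str] = None       # None = anonymous (unauthenticated) caller
    roles: Tuple[str, ...] = ()

def rule_matches(rule: Rule, p: Principal) -> bool:
    for u in rule.users:
        if u == "*" or (u == "?" and p.name is None):
            return True
        if p.name is not None and u.lower() == p.name.lower():
            return True
    held = {r.lower() for r in p.roles}
    return any(r.lower() in held for r in rule.roles)

def is_authorized(path: str, p: Principal, app_rules: List[Rule],
                  location_rules: Dict[str, List[Rule]]) -> bool:
    # The matching <location> rules are evaluated first, then the application-level
    # <authorization> rules; the first rule that matches decides. If nothing matches,
    # the machine-level default <allow users="*"/> applies.
    per_path = {k.lower(): v for k, v in location_rules.items()}
    for rule in per_path.get(path.lower(), []) + app_rules:
        if rule_matches(rule, p):
            return rule.action == "allow"
    return True

# The rules from the Forms-authentication web.config above.
APP_RULES = [Rule("deny", users=("?",))]
LOCATION_RULES = {
    "Admin.aspx": [Rule("allow", users=("Shiv",)), Rule("deny", users=("*",))],
    "User.aspx": [Rule("allow", users=("Shiv", "Raju")), Rule("deny", users=("*",))],
}
# The same Admin.aspx rules with <deny users="*"/> first: it matches everyone before the
# allow is reached, so even Shiv is locked out.
MISORDERED_RULES = {
    "Admin.aspx": [Rule("deny", users=("*",)), Rule("allow", users=("Shiv",))],
}
```

These rules only decide authorization; the <credentials> block above stores passwords with passwordFormat="Clear", whereas passwordFormat="SHA1" with hashed values, or the membership provider described below, keeps them out of web.config in clear text.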

from:codeproject
-----------------------------

To do custom authentication you just replace the “FormsAuthentication.Authenticate” statement with your own validation. For instance, in the code below we use a
‘clsUser’ class to do the authentication but still use the cookie-creation mechanism provided by the ‘FormsAuthentication’ system.
using System.Web.Security;   // FormsAuthentication

// Custom validation replaces FormsAuthentication.Authenticate; the cookie is still
// issued by FormsAuthentication. clsUser.IsValid is the application's own check.
clsUser objUser = new clsUser();
if (objUser.IsValid(txtUser.Text, txtPass.Text))
{
    // true = persistent cookie; pass false for a session-only cookie
    FormsAuthentication.RedirectFromLoginPage(txtUser.Text, true);
}
----- ASP.NET membership and roles
1. Run aspnet_regsql.exe from the ‘C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727’ folder. Enter the SQL Server credentials and run the exe. This installs all the necessary stored
procedures and tables, as shown in the figure ‘Object created by aspnet_regsql.exe’.
2. Specify the connection string in the ‘web.config’ file for the database where your ASP.NET roles tables and stored procedures were created.
<connectionStrings>
  <remove name="LocalSqlServer1"/>
  <add name="LocalSqlServer1" connectionString="Data Source=localhost;Initial Catalog=test;Integrated Security=True"/>
  <add name="MembershipProviderConnectionString" connectionString="Data Source=aa.b.com,3666;Initial Catalog=aa;Persist Security Info=True;User ID=aa;Password=s" providerName="System.Data.SqlClient" />
</connectionStrings>
3. Specify the ASP.NET membership provider and connect it to the connection string provided in the previous step.
<membership>
  <providers>
    <remove name="AspNetSqlMembershipProvider"/>
    <add name="AspNetSqlMembershipProvider"
         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="LocalSqlServer1" enablePasswordRetrieval="false"
         enablePasswordReset="true" applicationName="/" minRequiredPasswordLength="7"/>
  </providers>
</membership>
------------------
<membership defaultProvider="(local)">
    <providers>
     <add name="(local)"   type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.3500.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="MembershipProviderConnectionString" applicationName="/aa.b.Web" description="" requiresUniqueEmail="false" enablePasswordRetrieval="false" enablePasswordReset="true" maxInvalidPasswordAttempts="5" requiresQuestionAndAnswer="false" passwordFormat="Hashed" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" />
    </providers>
   </membership>

4. We also need to specify the role provider and connect it to the connection string provided in the previous step.
<roleManager enabled="true">
  <providers>
    <clear/>
    <add name="AspNetSqlRoleProvider" connectionStringName="LocalSqlServer1"
         applicationName="/"
         type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
  </providers>
</roleManager>
------------------------------
   <roleManager defaultProvider="(local)" enabled="true">
    <providers>
     <add connectionStringName="MembershipProviderConnectionString" applicationName="/aa.b.Web" description="" name="(local)" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.3500.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
   </roleManager>
5. Now you can use the "Membership" and "Roles" classes to create users and roles.
    // Creates a user in dbo.aspnet_Users (ApplicationId, UserName, LoweredUserName); the
    // password must meet the provider's minRequiredPasswordLength or CreateUser throws.
    Membership.CreateUser("aa01", "sss");
    string[] users = { "aa01" };            // C# array; the original "user(0)=..." was VB syntax
    Roles.CreateRole("Developer");
    // Tables: aspnet_Users (UserName), aspnet_User.. (UserId, RoleId), aspnet_Roles (RoleName)
    Roles.AddUsersToRole(users, "Developer");

Forms Authentication using Single Sign-On
Many times we would like to implement single sign-on across multiple sites. This can be done using forms authentication: implement forms authentication in both websites
with the same machine key. Once the validation is done in one website, the forms-authentication cookie is created. When that user goes to the other website, the same cookie is used
to verify the user.
Please note you need to have the same machine key in both web.config files of your web applications.
<machineKey
    validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE"
    decryptionKey="8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F"
    validation="SHA1" />
You can see a very detailed article on single sign-on at http://msdn.microsoft.com/en-us/library/ms972971.aspx . You can also download the code from http://download.microsoft.com/download/B/7/8/B78D1CED-2275-4AEE-B0BE-0DEA1A2A9581/MSDNEnterpriseSecurity.msi
That article discusses how an internal intranet application and an internet application log in through one single sign-on facility.
