ASP.Net Authentication Modes

ASP.Net supports below authentication modes:
1. Windows
2. Forms
3. Passport
4. None

To enable authentication provider or mode we need to use authentication element from config file.
   <!-- mode=[Windows|Forms|Passport|None] -->
   <authentication mode="Windows" />
  This is a default authentication mode in This uses windows credentials for authentication. It relies on IIS to authenticate the user. Aftre authenticating the user it passes security token to Windows authentication provides below ways:

Anonymous: IIS allows everybody to access application, no authentication is done.

Basic: User must have to provide username and password to get access to application. But username and password get sent over network in plain text format so it is bit insecure.

Digest: Same as Basic windows authentication but password is hashed before sending it over the netwrok and also user need to be use IE5 or later and windows accounts should stored in active directory.

Windows Integrated: User still need to provied username and password but it never sent over the network. Application either uses kerberos or challenge response protocol to authenticate the user. Kerberos provides tools for authentication and strong cryptography for secure communication.

2. Forms Authentication mode:  Forms authentication uses own customised HTML form to collect users credentials. Client or user directly sends credentials to application code for authenticatio. If application authenticates user it issues a cookie to ensure user is present on subsequent requests.

<!-- Web.config file -->
   <authentication mode="Forms">
      <forms forms="demoApp" loginUrl="/login.aspx" />
 3. Passport Authentication: Passport authentication mode provides centralized authentication process provided by microsoft passport service. When user site registered with passport, the passport service grants site specific key.
<!-- Web.config file -->
   <authentication mode="Passport" />


Post a Comment