Friday, 17 August 2012

How to use Web Security in Asp.net


Authentication: 

Authentication is any process by which a system verifies the identity of a User who wishes to access it. Since Access Control is normally based on the identity of the User who requests access to a resource, it is essential to effective Security.
It may be implemented using Credentials, each of which is composed of a User ID and Password. Alternately, Authentication may be implemented with Smart Cards,

In short: is the identified user valid or not?

Authorization: 

Authorization is the process of giving someone permission to do or have something. In multi-user computer systems, a system administrator defines for the system which users are allowed access to the system and what privileges of use they have (such as access to which file directories, hours of access, amount of allocated storage space, and so forth). Assuming that someone has logged in to a computer operating system or application, the system or application may want to identify what resources the user can be given during this session. Thus, authorization is sometimes seen as both the preliminary setting up of permissions by a system administrator and the actual checking of the permission values that have been set up when a user is getting access.

In short: is access to this resource permitted or not?



Types of Security in Asp.net:

  · Windows based Security (user based)
  · Forms based Security (Internet based)
  · Passport based Security



There are three ways of doing authentication and authorization in ASP.NET:

Windows authentication:

In this methodology, ASP.NET web pages use local Windows users and groups to authenticate and authorize access to resources.

Forms authentication:

This is cookie-based authentication, where the username and password are stored on client machines as cookie files or are sent through the URL for every request. Forms-based authentication presents the user with an HTML-based web page that prompts the user for credentials.

Passport authentication:

Passport authentication is based on the Passport website provided by Microsoft. When a user logs in with credentials, the request is sent to the Passport website (i.e. hotmail, devhood, windows live, etc.), where authentication happens. If authentication is successful, it returns a token to your website.

Anonymous access:

If you do not want any kind of authentication, use anonymous access.

GenericPrincipal and GenericIdentity objects represent users who have been authenticated using Forms authentication or other custom authentication mechanisms. With these objects, the role list is obtained in a custom manner, typically from a database.
FormsIdentity and PassportIdentity objects represent users who have been authenticated with Forms and Passport authentication respectively.


Process:
                                     






Code for Login.aspx.cs:



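using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

// Namespace that provides the FormsAuthentication class
using System.Web.Security;

public partial class Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void BLogin_Click(object sender, EventArgs e)
    {
        // Demo only: the credentials are hard-coded in the page. A real
        // application verifies them against a user store that holds salted
        // password hashes.
        if (txtusername.Text == "KushKumarTiwari" && txtpassword.Text == "1234")
        {
            // Issue the forms authentication cookie under the name the user
            // typed (not a fixed placeholder), then redirect to the ReturnUrl
            // or, if there is none, to the defaultUrl set in web.config
            // (WelComeUser.aspx). No further Response.Redirect is needed.
            FormsAuthentication.RedirectFromLoginPage(txtusername.Text, false);
        }
    }
}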
 

Code for web.config:




<?xml version="1.0"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" defaultUrl="WelComeUser.aspx">
      </forms>
    </authentication>

    <authorization>
      <deny users="?"/>
    </authorization>
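    <!-- debug="true" is for development only; set it to false before deployment -->
    <compilation debug="true" targetFramework="4.0"/>
  </system.web>

  <!-- A location element exempts part of the website from the deny rule above; here the img folder is open to all users -->
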
  <location path="img">
    <system.web>
      <authorization>
        <allow users="*"/>
        </authorization>
    </system.web>
  
  </location>
</configuration>




Code for the Logout button:


protected void BLogout_Click(object sender, EventArgs e)
{
    // Remove the forms authentication cookie, then send the user back to the login page
    FormsAuthentication.SignOut();
    FormsAuthentication.RedirectToLoginPage();
}

4 comments:

  1. The blog gave me idea to implement web security in asp.net. The explanations were really useful and helpful. My sincere thanks for sharing this post.

  2. really you have posted an informative blog. thank you for sharing such kind of an interesting blogs. so keep on sharing such kind of useful blogs.
  3. It is really a great work and the way in which you are sharing the knowledge is excellent. Thanks for helping me to understand basic concepts. Hadoop Training in Chennai
