SlideShare a Scribd company logo

Authentication & Authorization in ASPdotNet MVC

Download as ODP, PDF
Mindfire Solutions
Mindfire Solutions

This presentation focuses on achieving Authentication & Authorization in ASP.NET MVC 4 application.

SoftwareTechnology
1 of 14
Authentication and Authorization in ASP.NET MVC 4 Presenter – Raj Kumar Bhagat, Mindfire Solutions
Myself Certifications:- MCTS 70-515 Microsoft .Net 4.0 Web App Development MCP 70-486 Developing ASP.NET MVC 4.0 Web App Skills:- ASP.NET, MVC, C#, SQL Server, MySQL, Jquery, EntityFramework, LINQ Contact:- Email – rajb@mindfiresolutions.com Skype - mfsi_rajb
Contents ● Introduction - Why security is important? - Different ways to secure our application ● What is authentication and authorization? ● What are providers in ASP.NET? ● What is membership provider in ASP.NET? ● Problems with ASP.NET Membership ● SimpleMembership as a better Membership system ● Implementation of SimpleMembership provider in MVC 4 application
Introduction – Why Security? Security is one of the most important part of any Website or a Web Application. There are various ways to exploit a website/ web application: - ● Brute Force ● Sniffers ● Spoofing ● Social Engineering ● SQL Injection
How? ● Design application in good way ● Encrypt sensitive data while storing ● Validate input data before processing ● Force users to give strong password ● Implement Authentication and Authorization technique
Authentication and Authorization Authentication is a process where a user's credential is checked. e.g. - gmail, facebook etc. Authorization is a process where a user access the resource based on his/her role. Authentication always precedes Authorization.
What is a Provider in Asp.Net? ProviderBase class is an "Abstract Class" which follows the "Provider Model". This class is very simple and contains very few methods which is inherited from the "Object" Class.This class is a part of the System.Configuration.Provider namespace. This ProviderBase class implements a 2 step process. ● Feature-specific Providers (Membership/ Role/ Profile Providers) ● Implementation-specific Providers (SqlMembership Provider)
MembershipProvider in ASP.NET ● ASP.NET membership gives us a built-in way to validate and store user credentials. ASP.NET membership therefore helps us manage user authentication in web sites. ● ASP.NET Membership provides two types of Membership providers:- - SQLMembershipProvider - ActiveDirectoryMembershipProvider ● ASP.NET provides us to configure our own Custom Membership Provider. (Oracle Data Source, Other data source) ● This class inherits from the abstract ProviderBase class and contains various methods and properties to Create, Delete, Update, Validate, Get User information, Change Password
Problems with ASP.NET Membership ● Requires full SQL server for default cases ● Custom Membership Providers have to work with a SQL-Server- Centric API ● Designed around a specific view of users, roles, profiles ● Requires specific schema, overflow in blob columns
SimpleMembership ● Works with our schema ● Broaden database support to the whole SQL server family ● Easy to use with Entity Framework Code First
SimpleMembership integrates with ASP.NET Membership
Demo Implementation of SimpleMembership provider in MVC 4 application
References ● http://www.codeproject.com/Articles/637428/SimpleMembershipProvider-vs- MembershipProvider ● http://mvc-model.blogspot.in/2013/06/mvc-4-custom-simple-membership-provider. html ● http://blog.osbornm.com/2010/07/21/using-simplemembership-with-asp-net-webpages/
Thank You!!!

Recommended

Rest API Security
Rest API SecurityRest API Security
Rest API SecurityStormpath
 
Web api
Web apiWeb api
Web apiSudhakar Sharma
 
Token Authentication in ASP.NET Core
Token Authentication in ASP.NET CoreToken Authentication in ASP.NET Core
Token Authentication in ASP.NET CoreStormpath
 
Rest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityRest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityMohammed Fazuluddin
 
API Security Fundamentals
API Security FundamentalsAPI Security Fundamentals
API Security FundamentalsJosé Haro Peralta
 
REST API Design & Development
REST API Design & DevelopmentREST API Design & Development
REST API Design & DevelopmentAshok Pundit
 
Web API authentication and authorization
Web API authentication and authorization Web API authentication and authorization
Web API authentication and authorization Chalermpon Areepong
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 

Recommended

Rest API Security
Rest API SecurityRest API Security
Rest API SecurityStormpath
 
Web api
Web apiWeb api
Web apiSudhakar Sharma
 
Token Authentication in ASP.NET Core
Token Authentication in ASP.NET CoreToken Authentication in ASP.NET Core
Token Authentication in ASP.NET CoreStormpath
 
Rest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityRest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityMohammed Fazuluddin
 
API Security Fundamentals
API Security FundamentalsAPI Security Fundamentals
API Security FundamentalsJosé Haro Peralta
 
REST API Design & Development
REST API Design & DevelopmentREST API Design & Development
REST API Design & DevelopmentAshok Pundit
 
Web API authentication and authorization
Web API authentication and authorization Web API authentication and authorization
Web API authentication and authorization Chalermpon Areepong
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 
Web authentication & authorization
Web authentication & authorizationWeb authentication & authorization
Web authentication & authorizationAlexandru Pasaila
 
Spring Security
Spring SecuritySpring Security
Spring SecurityKnoldus Inc.
 
Authentication and Authorization in Asp.Net
Authentication and Authorization in Asp.NetAuthentication and Authorization in Asp.Net
Authentication and Authorization in Asp.NetShivanand Arur
 
REST API Authentication Methods.pdf
REST API Authentication Methods.pdfREST API Authentication Methods.pdf
REST API Authentication Methods.pdfRubersy Ramos García
 
ASP.NET State management
ASP.NET State managementASP.NET State management
ASP.NET State managementShivanand Arur
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & GuidelinesPrabath Siriwardena
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0Uwe Friedrichsen
 
OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectJacob Combs
 
Spring Security
Spring SecuritySpring Security
Spring SecuritySumit Gole
 
Spring security
Spring securitySpring security
Spring securitySaurabh Sharma
 
Api testing bible using postman
Api testing bible using postmanApi testing bible using postman
Api testing bible using postmanAbhishek Saxena
 
Spring Security 5
Spring Security 5Spring Security 5
Spring Security 5Jesus Perez Franco
 
An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2Aaron Parecki
 
Api security-testing
Api security-testingApi security-testing
Api security-testingn|u - The Open Security Community
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing TechniquesAvinash Thapa
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloakGuy Marom
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationshipn|u - The Open Security Community
 
Getting Started with API Security Testing
Getting Started with API Security TestingGetting Started with API Security Testing
Getting Started with API Security TestingSmartBear
 
Postman Collection Format v2.0 (pre-draft)
Postman Collection Format v2.0 (pre-draft)Postman Collection Format v2.0 (pre-draft)
Postman Collection Format v2.0 (pre-draft)Postman
 
Load testing
Load testingLoad testing
Load testingMindfire Solutions
 
Django-Queryset
Django-QuerysetDjango-Queryset
Django-QuerysetMindfire Solutions
 

More Related Content

What's hot

Web authentication & authorization
Web authentication & authorizationWeb authentication & authorization
Web authentication & authorizationAlexandru Pasaila
 
Authentication and Authorization in Asp.Net
Authentication and Authorization in Asp.NetAuthentication and Authorization in Asp.Net
Authentication and Authorization in Asp.NetShivanand Arur
 
ASP.NET State management
ASP.NET State managementASP.NET State management
ASP.NET State managementShivanand Arur
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & GuidelinesPrabath Siriwardena
 
OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectJacob Combs
 
Spring Security
Spring SecuritySpring Security
Spring SecuritySumit Gole
 
Api testing bible using postman
Api testing bible using postmanApi testing bible using postman
Api testing bible using postmanAbhishek Saxena
 
An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2Aaron Parecki
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing TechniquesAvinash Thapa
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloakGuy Marom
 
Getting Started with API Security Testing
Getting Started with API Security TestingGetting Started with API Security Testing
Getting Started with API Security TestingSmartBear
 
Postman Collection Format v2.0 (pre-draft)
Postman Collection Format v2.0 (pre-draft)Postman Collection Format v2.0 (pre-draft)
Postman Collection Format v2.0 (pre-draft)Postman
 

What's hot (20)

Web authentication & authorization
Web authentication & authorizationWeb authentication & authorization
Web authentication & authorization
 
Spring Security
Spring SecuritySpring Security
Spring Security
 
Authentication and Authorization in Asp.Net
Authentication and Authorization in Asp.NetAuthentication and Authorization in Asp.Net
Authentication and Authorization in Asp.Net
 
REST API Authentication Methods.pdf
REST API Authentication Methods.pdfREST API Authentication Methods.pdf
REST API Authentication Methods.pdf
 
ASP.NET State management
ASP.NET State managementASP.NET State management
ASP.NET State management
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & Guidelines
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0
 
OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID Connect
 
Spring Security
Spring SecuritySpring Security
Spring Security
 
Spring security
Spring securitySpring security
Spring security
 
Api testing bible using postman
Api testing bible using postmanApi testing bible using postman
Api testing bible using postman
 
Spring Security 5
Spring Security 5Spring Security 5
Spring Security 5
 
An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloak
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Getting Started with API Security Testing
Getting Started with API Security TestingGetting Started with API Security Testing
Getting Started with API Security Testing
 
Postman Collection Format v2.0 (pre-draft)
Postman Collection Format v2.0 (pre-draft)Postman Collection Format v2.0 (pre-draft)
Postman Collection Format v2.0 (pre-draft)
 

Viewers also liked

NoSql Day - Apertura
NoSql Day - AperturaNoSql Day - Apertura
NoSql Day - AperturaWEBdeBS
 
Django e il Rap Elia Contini
Django e il Rap Elia ContiniDjango e il Rap Elia Contini
Django e il Rap Elia ContiniWEBdeBS
 
Overview of Testing Talks at Pycon
Overview of Testing Talks at PyconOverview of Testing Talks at Pycon
Overview of Testing Talks at PyconJacqueline Kazil
 
NoSql Day - Chiusura
NoSql Day - ChiusuraNoSql Day - Chiusura
NoSql Day - ChiusuraWEBdeBS
 
Django - The Web framework for perfectionists with deadlines
Django - The Web framework for perfectionists with deadlinesDjango - The Web framework for perfectionists with deadlines
Django - The Web framework for perfectionists with deadlinesMarkus Zapke-Gründemann
 
Django - The Web framework for perfectionists with deadlines
Django - The Web framework for perfectionists with deadlinesDjango - The Web framework for perfectionists with deadlines
Django - The Web framework for perfectionists with deadlinesMarkus Zapke-Gründemann
 
2007 - 应用系统脆弱性概论
2007 - 应用系统脆弱性概论 2007 - 应用系统脆弱性概论
2007 - 应用系统脆弱性概论 Na Lee
 
2016 py con2016_lightingtalk_php to python
2016 py con2016_lightingtalk_php to python2016 py con2016_lightingtalk_php to python
2016 py con2016_lightingtalk_php to pythonJiho Lee
 
라이트닝 토크 2015 파이콘
라이트닝 토크 2015 파이콘라이트닝 토크 2015 파이콘
라이트닝 토크 2015 파이콘Jiho Lee
 
Django mongodb -djangoday_
Django mongodb -djangoday_Django mongodb -djangoday_
Django mongodb -djangoday_WEBdeBS
 
Super Advanced Python –act1
Super Advanced Python –act1Super Advanced Python –act1
Super Advanced Python –act1Ke Wei Louis
 

Viewers also liked (20)

Load testing
Load testingLoad testing
Load testing
 
Django-Queryset
Django-QuerysetDjango-Queryset
Django-Queryset
 
NoSql Day - Apertura
NoSql Day - AperturaNoSql Day - Apertura
NoSql Day - Apertura
 
Vim for Mere Mortals
Vim for Mere MortalsVim for Mere Mortals
Vim for Mere Mortals
 
Django e il Rap Elia Contini
Django e il Rap Elia ContiniDjango e il Rap Elia Contini
Django e il Rap Elia Contini
 
Overview of Testing Talks at Pycon
Overview of Testing Talks at PyconOverview of Testing Talks at Pycon
Overview of Testing Talks at Pycon
 
Html5 History-API
Html5 History-APIHtml5 History-API
Html5 History-API
 
NoSql Day - Chiusura
NoSql Day - ChiusuraNoSql Day - Chiusura
NoSql Day - Chiusura
 
Django - The Web framework for perfectionists with deadlines
Django - The Web framework for perfectionists with deadlinesDjango - The Web framework for perfectionists with deadlines
Django - The Web framework for perfectionists with deadlines
 
Django - The Web framework for perfectionists with deadlines
Django - The Web framework for perfectionists with deadlinesDjango - The Web framework for perfectionists with deadlines
Django - The Web framework for perfectionists with deadlines
 
2007 - 应用系统脆弱性概论
2007 - 应用系统脆弱性概论 2007 - 应用系统脆弱性概论
2007 - 应用系统脆弱性概论
 
2016 py con2016_lightingtalk_php to python
2016 py con2016_lightingtalk_php to python2016 py con2016_lightingtalk_php to python
2016 py con2016_lightingtalk_php to python
 
Website optimization
Website optimizationWebsite optimization
Website optimization
 
2 × 3 = 6
2 × 3 = 62 × 3 = 6
2 × 3 = 6
 
라이트닝 토크 2015 파이콘
라이트닝 토크 2015 파이콘라이트닝 토크 2015 파이콘
라이트닝 토크 2015 파이콘
 
PyClab.__init__(self)
PyClab.__init__(self)PyClab.__init__(self)
PyClab.__init__(self)
 
Django mongodb -djangoday_
Django mongodb -djangoday_Django mongodb -djangoday_
Django mongodb -djangoday_
 
User-centered open source
User-centered open sourceUser-centered open source
User-centered open source
 
EuroDjangoCon 2009 - Ein Rückblick
EuroDjangoCon 2009 - Ein RückblickEuroDjangoCon 2009 - Ein Rückblick
EuroDjangoCon 2009 - Ein Rückblick
 
Super Advanced Python –act1
Super Advanced Python –act1Super Advanced Python –act1
Super Advanced Python –act1
 

Similar to Authentication & Authorization in ASPdotNet MVC

Asp.net membership anduserroles_ppt
Asp.net membership anduserroles_pptAsp.net membership anduserroles_ppt
Asp.net membership anduserroles_pptShivanand Arur
 
Riya Munshi JAVA Developer
Riya Munshi JAVA DeveloperRiya Munshi JAVA Developer
Riya Munshi JAVA DeveloperRiya_Munshi
 
Asp.net identity dot netconf
Asp.net identity dot netconfAsp.net identity dot netconf
Asp.net identity dot netconfrustd
 
24 HOP edición Español -Diferentes técnicas de administración de logins y usu...
24 HOP edición Español -Diferentes técnicas de administración de logins y usu...24 HOP edición Español -Diferentes técnicas de administración de logins y usu...
24 HOP edición Español -Diferentes técnicas de administración de logins y usu...SpanishPASSVC
 
Afzal-Khan-Resume
Afzal-Khan-ResumeAfzal-Khan-Resume
Afzal-Khan-Resumeafzal khan
 
What is ASP.NET MVC
What is ASP.NET MVCWhat is ASP.NET MVC
What is ASP.NET MVCBrad Oyler
 
5.10 years Expetience in Asp.net with MVC
5.10 years Expetience in Asp.net with MVC5.10 years Expetience in Asp.net with MVC
5.10 years Expetience in Asp.net with MVCprashant zope
 
Subhajit das resume_2015
Subhajit das resume_2015Subhajit das resume_2015
Subhajit das resume_2015Subhajit Das
 
Subhajit_Das_Resume_2015
Subhajit_Das_Resume_2015Subhajit_Das_Resume_2015
Subhajit_Das_Resume_2015Subhajit Das
 

Similar to Authentication & Authorization in ASPdotNet MVC (20)

Asp.net membership anduserroles_ppt
Asp.net membership anduserroles_pptAsp.net membership anduserroles_ppt
Asp.net membership anduserroles_ppt
 
Suresh_Resume
Suresh_ResumeSuresh_Resume
Suresh_Resume
 
Riya Munshi JAVA Developer
Riya Munshi JAVA DeveloperRiya Munshi JAVA Developer
Riya Munshi JAVA Developer
 
Sadiq_CV_7
Sadiq_CV_7Sadiq_CV_7
Sadiq_CV_7
 
Satya_Prakash
Satya_PrakashSatya_Prakash
Satya_Prakash
 
Asp.net identity dot netconf
Asp.net identity dot netconfAsp.net identity dot netconf
Asp.net identity dot netconf
 
ASP.NET MVC - Latest & Greatest So Far
ASP.NET MVC - Latest & Greatest So FarASP.NET MVC - Latest & Greatest So Far
ASP.NET MVC - Latest & Greatest So Far
 
Kasi Resume
Kasi ResumeKasi Resume
Kasi Resume
 
Arun Kumar(7.8Yrs).DOC
Arun Kumar(7.8Yrs).DOCArun Kumar(7.8Yrs).DOC
Arun Kumar(7.8Yrs).DOC
 
24 HOP edición Español -Diferentes técnicas de administración de logins y usu...
24 HOP edición Español -Diferentes técnicas de administración de logins y usu...24 HOP edición Español -Diferentes técnicas de administración de logins y usu...
24 HOP edición Español -Diferentes técnicas de administración de logins y usu...
 
Afzal-Khan-Resume
Afzal-Khan-ResumeAfzal-Khan-Resume
Afzal-Khan-Resume
 
Resume
ResumeResume
Resume
 
Ashok cv_1
Ashok cv_1Ashok cv_1
Ashok cv_1
 
What is ASP.NET MVC
What is ASP.NET MVCWhat is ASP.NET MVC
What is ASP.NET MVC
 
Meetup bangalore-may22nd2021
Meetup bangalore-may22nd2021Meetup bangalore-may22nd2021
Meetup bangalore-may22nd2021
 
5.10 years Expetience in Asp.net with MVC
5.10 years Expetience in Asp.net with MVC5.10 years Expetience in Asp.net with MVC
5.10 years Expetience in Asp.net with MVC
 
malliCV
malliCVmalliCV
malliCV
 
Cv kapil
Cv kapilCv kapil
Cv kapil
 
Subhajit das resume_2015
Subhajit das resume_2015Subhajit das resume_2015
Subhajit das resume_2015
 
Subhajit_Das_Resume_2015
Subhajit_Das_Resume_2015Subhajit_Das_Resume_2015
Subhajit_Das_Resume_2015
 

More from Mindfire Solutions

High Availability of Azure Applications
High Availability of Azure ApplicationsHigh Availability of Azure Applications
High Availability of Azure ApplicationsMindfire Solutions
 
Oracle Sql Developer-Getting Started
Oracle Sql Developer-Getting StartedOracle Sql Developer-Getting Started
Oracle Sql Developer-Getting StartedMindfire Solutions
 
Introduction to Auto-layout : iOS/Mac
Introduction to Auto-layout : iOS/MacIntroduction to Auto-layout : iOS/Mac
Introduction to Auto-layout : iOS/MacMindfire Solutions
 
Get started with watch kit development
Get started with watch kit developmentGet started with watch kit development
Get started with watch kit developmentMindfire Solutions
 

More from Mindfire Solutions (20)

Physician Search and Review
Physician Search and ReviewPhysician Search and Review
Physician Search and Review
 
diet management app
diet management appdiet management app
diet management app
 
Business Technology Solution
Business Technology SolutionBusiness Technology Solution
Business Technology Solution
 
Remote Health Monitoring
Remote Health MonitoringRemote Health Monitoring
Remote Health Monitoring
 
Influencer Marketing Solution
Influencer Marketing SolutionInfluencer Marketing Solution
Influencer Marketing Solution
 
ELMAH
ELMAHELMAH
ELMAH
 
High Availability of Azure Applications
High Availability of Azure ApplicationsHigh Availability of Azure Applications
High Availability of Azure Applications
 
IOT Hands On
IOT Hands OnIOT Hands On
IOT Hands On
 
Glimpse of Loops Vs Set
Glimpse of Loops Vs SetGlimpse of Loops Vs Set
Glimpse of Loops Vs Set
 
Oracle Sql Developer-Getting Started
Oracle Sql Developer-Getting StartedOracle Sql Developer-Getting Started
Oracle Sql Developer-Getting Started
 
Adaptive Layout In iOS 8
Adaptive Layout In iOS 8Adaptive Layout In iOS 8
Adaptive Layout In iOS 8
 
Introduction to Auto-layout : iOS/Mac
Introduction to Auto-layout : iOS/MacIntroduction to Auto-layout : iOS/Mac
Introduction to Auto-layout : iOS/Mac
 
LINQPad - utility Tool
LINQPad - utility ToolLINQPad - utility Tool
LINQPad - utility Tool
 
Get started with watch kit development
Get started with watch kit developmentGet started with watch kit development
Get started with watch kit development
 
Swift vs Objective-C
Swift vs Objective-CSwift vs Objective-C
Swift vs Objective-C
 
Material Design in Android
Material Design in AndroidMaterial Design in Android
Material Design in Android
 
Introduction to OData
Introduction to ODataIntroduction to OData
Introduction to OData
 
Ext js Part 2- MVC
Ext js Part 2- MVCExt js Part 2- MVC
Ext js Part 2- MVC
 
ExtJs Basic Part-1
ExtJs Basic Part-1ExtJs Basic Part-1
ExtJs Basic Part-1
 
Spring Security Introduction
Spring Security IntroductionSpring Security Introduction
Spring Security Introduction
 

Recently uploaded

%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park masabamasaba
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfayushiqss
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfVishalKumarJha10
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionOnePlan Solutions
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Pharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodologyPharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodologyAnusha Are
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Nitya salvi
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfproinshot.com
 

Recently uploaded (20)

%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Pharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodologyPharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodology
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 

Authentication & Authorization in ASPdotNet MVC

  • 1. Authentication and Authorization in ASP.NET MVC 4 Presenter – Raj Kumar Bhagat, Mindfire Solutions
  • 2. Myself Certifications:- MCTS 70-515 Microsoft .Net 4.0 Web App Development MCP 70-486 Developing ASP.NET MVC 4.0 Web App Skills:- ASP.NET, MVC, C#, SQL Server, MySQL, Jquery, EntityFramework, LINQ Contact:- Email – rajb@mindfiresolutions.com Skype - mfsi_rajb
  • 3. Contents ● Introduction - Why security is important? - Different ways to secure our application ● What is authentication and authorization? ● What are providers in ASP.NET? ● What is membership provider in ASP.NET? ● Problems with ASP.NET Membership ● SimpleMembership as a better Membership system ● Implementation of SimpleMembership provider in MVC 4 application
  • 4. Introduction – Why Security? Security is one of the most important part of any Website or a Web Application. There are various ways to exploit a website/ web application: - ● Brute Force ● Sniffers ● Spoofing ● Social Engineering ● SQL Injection
  • 5. How? ● Design application in good way ● Encrypt sensitive data while storing ● Validate input data before processing ● Force users to give strong password ● Implement Authentication and Authorization technique
  • 6. Authentication and Authorization Authentication is a process where a user's credential is checked. e.g. - gmail, facebook etc. Authorization is a process where a user access the resource based on his/her role. Authentication always precedes Authorization.
  • 7. What is a Provider in Asp.Net? ProviderBase class is an "Abstract Class" which follows the "Provider Model". This class is very simple and contains very few methods which is inherited from the "Object" Class.This class is a part of the System.Configuration.Provider namespace. This ProviderBase class implements a 2 step process. ● Feature-specific Providers (Membership/ Role/ Profile Providers) ● Implementation-specific Providers (SqlMembership Provider)
  • 8. MembershipProvider in ASP.NET ● ASP.NET membership gives us a built-in way to validate and store user credentials. ASP.NET membership therefore helps us manage user authentication in web sites. ● ASP.NET Membership provides two types of Membership providers:- - SQLMembershipProvider - ActiveDirectoryMembershipProvider ● ASP.NET provides us to configure our own Custom Membership Provider. (Oracle Data Source, Other data source) ● This class inherits from the abstract ProviderBase class and contains various methods and properties to Create, Delete, Update, Validate, Get User information, Change Password
  • 9. Problems with ASP.NET Membership ● Requires full SQL server for default cases ● Custom Membership Providers have to work with a SQL-Server- Centric API ● Designed around a specific view of users, roles, profiles ● Requires specific schema, overflow in blob columns
  • 10. SimpleMembership ● Works with our schema ● Broaden database support to the whole SQL server family ● Easy to use with Entity Framework Code First
  • 11. SimpleMembership integrates with ASP.NET Membership
  • 12. Demo Implementation of SimpleMembership provider in MVC 4 application
  • 13. References ● http://www.codeproject.com/Articles/637428/SimpleMembershipProvider-vs- MembershipProvider ● http://mvc-model.blogspot.in/2013/06/mvc-4-custom-simple-membership-provider. html ● http://blog.osbornm.com/2010/07/21/using-simplemembership-with-asp-net-webpages/