This presentation gives a brief overview of why security is important, then moves on to authentication and authorization in ASP.NET and the different ways of implementing them:
1. Forms Authentication
2. Windows Authentication
3. Passport Authentication
Authentication and Authorization in ASP.NET
2. Topics – Authentication and Authorization
1. Introduction
Why is security important in today's world?
Different ways to secure your website / application
2. What is IIS, and how do you install it and host an ASP.NET website?
3. What is Authentication?
4. What is Authorization?
5. What is an Identity Object?
6. What is a Principal Object?
3. Topics – Authentication and Authorization
• Different ways of authentication:
  – Forms Authentication
    · Using cookies
    · Cookieless
  – Windows Authentication
  – Passport Authentication
4. Introduction – Why is Security Important?
1. Security is one of the most important parts of any website or web application.
2. Hackers are out there waiting for us and use various ways to exploit a website or web application.
3. A hacker can attack in many ways:
  – Brute force
  – Sniffers
  – Spoofing
  – Social engineering
  – SQL injection
6. Introduction – Different Ways to Secure your Application
Design your application well.
Encrypt data when storing it.
Validate all input.
Enforce strong passwords for users.
Use authentication and authorization.
7. What is Internet Information Services (IIS)?
• IIS is one of the most powerful web servers, developed by Microsoft to host ASP.NET websites and applications.
• Its responsibility is to send a response back for each request sent by the client.
How does IIS work?
8. What is Authentication?
• The dictionary meaning of “authentication” is to “check someone's genuineness”.
• In ASP.NET, authentication means the same thing: it is the process of checking a person's credentials.
• Examples – Facebook, Yahoo, Gmail.
What is Authorization?
• Granting access to a resource based on the user's role.
• Authentication always precedes authorization.
10. What is an Identity Object?
• An Identity object stores information about an authenticated user.
• Two of its implementations are “WindowsIdentity” and “GenericIdentity”.
What is a Principal Object?
• A Principal object defines the roles of the authenticated user.
• The Principal object encapsulates the Identity object.
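The following console program is an added example, not code from the slides: it builds a GenericIdentity and wraps it in a GenericPrincipal for a user who has just been authenticated, attaches the principal to the current thread, and then makes role-based authorization decisions against it. The LookupRoles method, the user names and the role names are constructed placeholders for whatever store holds the user-to-role mapping; WindowsIdentity.GetCurrent() is shown for comparison with the Windows Authentication case.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

// Added example (not from the slides): Identity + Principal objects in practice.
class IdentityPrincipalDemo
{
    // Constructed sample role store; a real application would query its user database.
    static string[] LookupRoles(string userName)
    {
        return userName == "alice" ? new[] { "Users", "Admins" } : new[] { "Users" };
    }

    // The Identity object records who was authenticated and by which mechanism.
    // The Principal object wraps it and adds the roles that authorization is based on.
    static IPrincipal BuildPrincipal(string userName)
    {
        var identity = new GenericIdentity(userName, "Forms");
        return new GenericPrincipal(identity, LookupRoles(userName));
    }

    // Authorization check: decided from the principal, never from a name the caller supplies.
    static void RequireRole(IPrincipal user, string role)
    {
        if (!user.Identity.IsAuthenticated || !user.IsInRole(role))
            throw new UnauthorizedAccessException(
                "'" + user.Identity.Name + "' is not in role '" + role + "'");
    }

    static void Main()
    {
        // Under Windows Authentication the Identity object is the Windows account instead.
        try
        {
            WindowsIdentity win = WindowsIdentity.GetCurrent();
            Console.WriteLine("Windows identity: " + win.Name + " (" + win.AuthenticationType + ")");
        }
        catch (PlatformNotSupportedException)
        {
            Console.WriteLine("WindowsIdentity is only available on Windows");
        }

        IPrincipal alice = BuildPrincipal("alice");
        // In ASP.NET the equivalent slot is HttpContext.Current.User.
        Thread.CurrentPrincipal = alice;

        RequireRole(Thread.CurrentPrincipal, "Users");  // passes: alice holds both roles
        RequireRole(Thread.CurrentPrincipal, "Admins"); // passes

        // An identity with an empty name is not authenticated, whatever roles are attached,
        // so it can never pass RequireRole.
        var anonymous = new GenericPrincipal(new GenericIdentity(""), new[] { "Admins" });
        Console.WriteLine("anonymous authenticated? " + anonymous.Identity.IsAuthenticated);

        // Authorization failure for a user who lacks the role.
        try { RequireRole(BuildPrincipal("bob"), "Admins"); }
        catch (UnauthorizedAccessException ex) { Console.WriteLine("Denied: " + ex.Message); }
    }
}
```

The point of the separation is that code which needs to make an access decision only ever looks at the Principal object attached to the request; it never re-reads the user name from the form or query string.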
12. Forms Authentication
• Forms Authentication is a cookie-based authentication in which a cookie is stored on the client's machine.
• It uses a custom form to accept the user's credentials.
• The credentials are validated against information stored in a specific source.
• Advantages –
  – It is the simplest way of authenticating users for websites and applications.
  – The user does not have to log in again and again to the same application.
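The code-behind below is an added example, not code from the slides: a custom login form for Forms Authentication in classic ASP.NET Web Forms, together with the protected page that reads the resulting principal. It assumes the controls UserNameBox, PasswordBox, ErrorLabel and WelcomeLabel exist in the .aspx markup, that a membership provider is configured behind Membership.ValidateUser, and that web.config carries the settings quoted in the leading comment.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example (not from the slides). Assumed web.config settings:
//   <authentication mode="Forms">
//     <forms loginUrl="Login.aspx" timeout="30" slidingExpiration="true"
//            requireSSL="true" cookieless="UseCookies" />
//   </authentication>
//   <authorization>
//     <deny users="?" />   <!-- "?" means anonymous users; everyone else is allowed -->
//   </authorization>
// requireSSL keeps the ticket cookie off plain HTTP; timeout bounds how long a
// stolen cookie stays usable.
public partial class Login : System.Web.UI.Page
{
    protected void LoginButton_Click(object sender, EventArgs e)
    {
        string userName = UserNameBox.Text.Trim();
        string password = PasswordBox.Text;

        // Validate the submitted credentials against the configured store.
        if (!Membership.ValidateUser(userName, password))
        {
            // One generic message for "no such user" and "wrong password": the
            // response must not reveal which accounts exist.
            ErrorLabel.Text = "Invalid user name or password.";
            return;
        }

        // Issue the forms authentication cookie (an encrypted, signed ticket) and return
        // to the page the user originally asked for. With enableCrossAppRedirects left at
        // its default of false, ASP.NET only honours a ReturnUrl inside this application,
        // so the login page cannot be turned into an open redirector.
        FormsAuthentication.RedirectFromLoginPage(userName, createPersistentCookie: false);
    }

    protected void LogoutButton_Click(object sender, EventArgs e)
    {
        // Remove the ticket cookie and discard server-side session state together.
        FormsAuthentication.SignOut();
        Session.Abandon();
        Response.Redirect(FormsAuthentication.LoginUrl);
    }
}

// On any protected page the ticket has already been turned into the principal by
// FormsAuthenticationModule, which is why the user is not asked to log in again.
public partial class Secure : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        WelcomeLabel.Text = "Signed in as " + User.Identity.Name
            + " via " + User.Identity.AuthenticationType;
    }
}
```

The second class is what the "no repeated login" advantage looks like from the application's side: the page never sees the password again, only the principal reconstructed from the validated cookie.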
14. Windows Authentication
• Windows Authentication is used in an intranet environment.
• Users' credentials are validated against the information stored in the Windows users and groups.
• It is not available in the Windows 7 Home Premium, Home Basic and Starter editions.
15. Types of Windows Authentication
1. Anonymous Authentication – does not authenticate the user.
2. Basic Authentication – the user is authenticated and the credentials are sent in Base64-encoded format.
3. Digest Authentication – works like Basic Authentication, but sends the information in an encrypted format.
4. Integrated Windows Authentication – uses either NTLM or Kerberos for authentication.
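To make the difference between Basic and Digest concrete, here is an added example (not code from the slides) that builds what each scheme puts in the Authorization header. Base64 is an encoding, not encryption: the Basic header decodes back to the user name and password with no key, which is why Basic must only be offered over TLS. Digest instead sends an MD5 response derived from the password (RFC 2617, shown here in the form without qop), so the password itself does not cross the wire, though an unsalted MD5 still gives an eavesdropper something to guess against offline. The user name, password, realm, nonce and URI are constructed sample values.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the slides): Basic vs Digest on the wire.
static class WireCredentials
{
    // What the browser sends after an IIS 401 "WWW-Authenticate: Basic" challenge.
    public static string BasicHeader(string user, string password)
    {
        byte[] raw = Encoding.UTF8.GetBytes(user + ":" + password);
        return "Basic " + Convert.ToBase64String(raw);
    }

    // Anyone holding the header gets the credentials back: no key is involved.
    public static bool TryDecodeBasic(string header, out string user, out string password)
    {
        user = password = null;
        if (header == null || !header.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase))
            return false;
        string raw;
        try { raw = Encoding.UTF8.GetString(Convert.FromBase64String(header.Substring(6).Trim())); }
        catch (FormatException) { return false; }
        int colon = raw.IndexOf(':'); // the user-name part may not contain ':'
        if (colon < 0) return false;
        user = raw.Substring(0, colon);
        password = raw.Substring(colon + 1);
        return true;
    }

    static string Md5Hex(string s)
    {
        using (var md5 = MD5.Create())
        {
            byte[] h = md5.ComputeHash(Encoding.UTF8.GetBytes(s));
            var sb = new StringBuilder(h.Length * 2);
            foreach (byte b in h) sb.Append(b.ToString("x2"));
            return sb.ToString();
        }
    }

    // Digest response = MD5( MD5(user:realm:password) : nonce : MD5(method:uri) ).
    // The server, which knows the password (or the stored HA1), recomputes and compares.
    public static string DigestResponse(string user, string realm, string password,
                                        string nonce, string method, string uri)
    {
        string ha1 = Md5Hex(user + ":" + realm + ":" + password);
        string ha2 = Md5Hex(method + ":" + uri);
        return Md5Hex(ha1 + ":" + nonce + ":" + ha2);
    }

    static void Main()
    {
        string basic = BasicHeader("alice", "S3cret!");
        Console.WriteLine(basic);
        string u, p;
        if (TryDecodeBasic(basic, out u, out p))
            Console.WriteLine("Recovered from Basic header: " + u + " / " + p);

        // Digest: the nonce is chosen by the server per challenge, so a captured response
        // cannot simply be replayed as the password.
        string nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093"; // constructed sample nonce
        string response = DigestResponse("alice", "intranet", "S3cret!", nonce, "GET", "/secure/");
        Console.WriteLine("Digest response: " + response);
    }
}
```

Neither scheme protects the rest of the request or the session cookie, so on IIS the practical rule is the same for both: enable Basic or Digest only on sites that require HTTPS, and prefer Integrated Windows Authentication on the intranet.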
17. Authentication using the Kerberos Mechanism
Authentication using Kerberos involves three main components:
• Authentication Service (AS)
  – Validates the user name and password and issues a simple ticket.
• Ticket Granting Server (TGT)
  – The client sends the ticket to the TGT, which issues a Service Ticket.
• Service Broker (SB)
  – The SB establishes the connection and creates the session for the user to use the application.
19. Passport Authentication
• The user's credentials are authenticated using Microsoft's websites (Windows Live, Hotmail).
• Users are sent to Microsoft's login page for authentication.
• The user is only authenticated, not authorized.
• The developer does not need to create a custom login form.
• To use the Passport authentication service, you have to download the .NET Passport SDK and also register the application using the .NET Service Manager.