Topics – Authentication and Authorization
1. INTRODUCTION
    Why is security important in today’s world?

    Different Ways to secure your Website / Application

2. What is IIS, and how to install and host an ASP.NET Website?

3. What is Authentication?

4. What is Authorization?

5. What is an Identity Object?

6. What is a Principal Object?
Topics – Authentication and Authorization

•   Different ways of Authentication :

     Forms Authentication.
          Using Cookies
          Cookieless

     Windows Authentication.

     Passport Authentication.
Introduction – Why Security is Important?

1. Security is one of the most important parts of any Website or
   Web Application.

2. Hackers are waiting out there for us and use various ways to
   exploit a website / web-application.

3. Hackers can attack in many ways.
     Brute Force
     Sniffers
     Spoofing
     Social Engineering
     SQL Injection
Introduction - Different Ways to Secure your Application
   Design your Application well.

   Encrypting the Data when storing it.

   Input Validation.

   Forcing Users to choose Strong Passwords.

   Authentication and Authorization.
What is Internet Information Services (IIS)?
• IIS is one of the most powerful Web Servers, developed by Microsoft
  to host ASP.NET Websites or Applications.

• Its responsibility is to send a Response back for each Request sent by
  the Client.
How does IIS work?
What is Authentication?
• Dictionary meaning of “Authentication” is to “Check someone’s
  genuineness”

• In ASP.NET – Authentication means the same. It is a process where
  you check a person’s credentials.

• Example – Facebook, Yahoo, Gmail.


What is Authorization?
• Providing access to a resource based on the User’s role.

• Authentication always precedes Authorization
What is an Identity Object?

• An Identity Object is an Object which stores information about an
  Authenticated User.

• There are 2 types of Identity Objects: “WindowsIdentity” and
  “GenericIdentity”


What is a Principal Object?

• A Principal Object is an Object that basically defines the roles of the
  Authenticated User.

• Principal Object encapsulates the Identity Object.
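
The relationship between the two objects, shown as an added example that is not part of the original slides. It uses the framework's `GenericIdentity` and `GenericPrincipal` classes; the user names, roles and the `CanAccess` helper are assumptions made for illustration.

```csharp
using System;
using System.Security.Principal;

// Added example: user names, roles and CanAccess are constructed for illustration.
public static class PrincipalDemo
{
    // Authorization decision: deny unless the caller is authenticated AND holds the role.
    public static bool CanAccess(IPrincipal user, string requiredRole)
    {
        // Authentication precedes authorization: an unauthenticated identity is
        // rejected before any role is consulted.
        if (user?.Identity == null || !user.Identity.IsAuthenticated)
            return false;

        return user.IsInRole(requiredRole);
    }

    public static void Main()
    {
        // Identity object: who the user is and how they were authenticated.
        var aliceIdentity = new GenericIdentity("alice", "Forms");

        // Principal object: encapsulates the identity and adds the roles.
        var alice = new GenericPrincipal(aliceIdentity, new[] { "Editor" });

        // A GenericIdentity with an empty name reports IsAuthenticated == false,
        // even though roles can still be attached to the principal around it.
        var anonymous = new GenericPrincipal(new GenericIdentity(""), new[] { "Admin" });

        Console.WriteLine("Name: " + alice.Identity.Name);
        Console.WriteLine("Authentication type: " + alice.Identity.AuthenticationType);
        Console.WriteLine("alice authenticated: " + alice.Identity.IsAuthenticated);
        Console.WriteLine("alice may use Editor pages: " + CanAccess(alice, "Editor"));
        Console.WriteLine("alice may use Admin pages: " + CanAccess(alice, "Admin"));

        // The role check alone would pass for the anonymous principal;
        // the authentication check is what denies access.
        Console.WriteLine("anonymous IsInRole(Admin): " + anonymous.IsInRole("Admin"));
        Console.WriteLine("anonymous may use Admin pages: " + CanAccess(anonymous, "Admin"));
    }
}
```

Checking `IsInRole` without first checking `IsAuthenticated` is the failure mode this example isolates.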
Forms Authentication
• Forms Authentication is Cookie-based Authentication,
  where a Cookie is stored on the Client’s machine.

• It makes use of a Custom Form to accept the User’s Credentials.

• Credentials are validated against the information stored in a specific
  source.

• Advantage –
   – It is the simplest way of authenticating Users for websites and
     applications.
   – The User does not have to log in again and again to the same
     application.
Windows Authentication
• Windows Authentication is used in an Intranet Environment.

• Users’ credentials are validated against the information stored in the
  Windows Users Group.

• It is not available in the Windows 7 Home Premium, Home Basic and Starter
  editions.
Types of Windows Authentication
1. Anonymous Authentication – It does not authenticate the User.

2. Basic Authentication – User is authenticated and information is sent in
   BASE-64 Encoded format.

3. Digest Authentication – Works like Basic Authentication, but sends
   information in an encrypted format.

4. Integrated Windows Authentication – It either uses the NTLM or
   Kerberos type for authentication.
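
What "BASE-64 Encoded format" means for item 2, as an added example that is not part of the original slides: Base64 is reversible without any key, so a Basic Authentication header protects the credentials only when the connection itself uses HTTPS. The `TryParseBasic` helper and the sample credentials are constructed for illustration.

```csharp
using System;
using System.Text;

// Added example: TryParseBasic and the sample credentials are constructed.
public static class BasicAuthDemo
{
    // Parses the value of an "Authorization: Basic <base64(user:password)>" header,
    // the way a server does on every request. Returns false on malformed input.
    public static bool TryParseBasic(string headerValue, out string user, out string password)
    {
        user = null;
        password = null;

        const string scheme = "Basic ";
        if (headerValue == null ||
            !headerValue.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            return false;

        byte[] raw;
        try
        {
            raw = Convert.FromBase64String(headerValue.Substring(scheme.Length).Trim());
        }
        catch (FormatException)
        {
            return false; // not valid Base64
        }

        string decoded = Encoding.UTF8.GetString(raw);

        // Only the first colon separates the fields; the password may contain ':'.
        int colon = decoded.IndexOf(':');
        if (colon < 0)
            return false;

        user = decoded.Substring(0, colon);
        password = decoded.Substring(colon + 1);
        return true;
    }

    public static void Main()
    {
        // Constructed sample header, built the way a browser builds it.
        string header = "Basic " +
            Convert.ToBase64String(Encoding.UTF8.GetBytes("alice:s3cr:et"));
        Console.WriteLine("Header on the wire: " + header);

        // No key or secret is needed to recover the credentials.
        if (TryParseBasic(header, out string user, out string password))
            Console.WriteLine("Decoded user=" + user + " password=" + password);

        // Malformed inputs are rejected instead of throwing.
        Console.WriteLine("Bad Base64 accepted: " +
            TryParseBasic("Basic !!!not-base64!!!", out _, out _));
        Console.WriteLine("Other scheme accepted: " +
            TryParseBasic("Digest abc", out _, out _));
    }
}
```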
Working process of NTLM – Also known as Challenge-Response Process
Authentication using Kerberos Mechanism

 Authentication using Kerberos involves 3 main components.

 Authentication Service (AS)
    Validates the Username and Password and sends a simple ticket.

 Ticket Granting Server (TGT)
    The Client sends the Ticket to the TGT, which sends a Service Ticket.

 Service Broker (SB)
    The SB generates the Connection and creates a Session for the User to use
     the Application
Passport Authentication
• The User’s Credentials are authenticated using Microsoft’s websites
  (Windows Live, Hotmail).

• Users are sent to Microsoft’s Login page for authentication.

• User is not authorized.

• The Developer does not need to create a Custom Login Form.

• To use the Passport Authentication service, you will have to
  download the .NET Passport SDK and will also need to register the
  Application using the .NET Service Manager.
THANK YOU

Authentication and Authorization in Asp.Net
